📺 Bilibili Skill

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill openly automates Bilibili, but it gives an agent cookie-backed power to post, delete, repost, and like content without clear approval safeguards and relies on external code not included in the package.

Install only if you intentionally want an agent to operate your Bilibili account. Prefer a test account, avoid storing cookies in shared workspace files, review the external CLI/MCP code first, and require manual confirmation before any post, delete, repost, or like action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with the user's cookies, an agent could post, delete, repost, or like content on the user's Bilibili account, potentially causing public embarrassment, content loss, or account restrictions.

Why it was flagged

These documented commands let the agent perform public/account-mutating Bilibili actions, but the artifacts do not add a confirmation or scope gate for such actions.

Skill content

`dynamic publish` - publish a dynamic (post); `dynamic delete` - delete a dynamic; `dynamic repost` - repost a dynamic; `video like` - like/unlike

Recommendation

Default to read-only commands, require explicit user confirmation for each publish/delete/repost/like action, and provide a dry-run or audit summary before any mutation.

What this means

Anyone or any agent action that can use those cookies may act as the Bilibili account owner; leaked cookies could also enable account misuse outside this skill.

Why it was flagged

The wrapper automatically extracts reusable Bilibili session cookies from environment variables or a workspace file and passes them into CLI operations, granting authenticated account authority.

Skill content

COOKIES_FILE="/root/.openclaw/workspace/bilibili-cookies.md" ... python3 "$BILIBILI_CLI" --sessdata "$SESSDATA" --bili_jct "$BILI_JCT" --buvid3 "$BUVID3" "$@"

Recommendation

Declare the credential requirement clearly, prefer a protected credential store over a markdown workspace file, use a separate/test account where possible, and limit authenticated cookies to only the actions that truly need them.

What this means

A missing, replaced, or unreviewed external CLI at that path could receive session cookies and perform account actions, and users cannot verify its behavior from this skill package alone.

Why it was flagged

The core wrapper runs an external hard-coded Python script that is not included in the supplied file manifest, yet that script receives the user's Bilibili cookies.

Skill content

BILIBILI_CLI="/root/.openclaw/workspace/external/bilibili-api/bilibili-cli.py" ... python3 "$BILIBILI_CLI"

Recommendation

Vendor or pin the exact helper code, verify the external path before use, prefer the declared installed binary when possible, and review the external CLI before providing account cookies.

What this means

If enabled, agent requests for Bilibili search/query/danmaku functions would pass through an additional unreviewed component.

Why it was flagged

The optional MCP setup adds another local agent-facing server from an external path not included in the artifacts, so its permissions and data handling are not reviewable here.

Skill content

"mcp": { "servers": { "bilibili": { "command": "python3", "args": ["/root/.openclaw/workspace/external/bilibili-mcp-server/bilibili.py"], "transport": "stdio" }}}

Recommendation

Enable the MCP server only if needed, review and pin that server separately, and keep it limited to the minimum Bilibili functions required.