Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bilibili Analytics

v1.0.0

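Bilibili video search and data analysis. Scrapes the search results for a given keyword and generates a statistical report. Supports multi-page scraping, data analysis, and visual reports. Suitable for: (1) searching Bilibili videos (2) analyzing video data (3) generating statistical reports (4) tracking trending topics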

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Bilibili scraping + analysis) align with the included scripts and SKILL.md. However, the package metadata lists no required binaries, while SKILL.md, INSTALL.md, and the scripts all clearly require the external tool `agent-browser` (and the scrape script also expects `jq` for the final count). This is an omission/incoherence in the declared requirements.
Instruction Scope
Runtime instructions and scripts limit activity to opening Bilibili search pages, executing browser-evaluation JavaScript to extract public page data, saving JSON files, and running a local Python analysis. The instructions do not reference unrelated system files, environment secrets, or external endpoints beyond Bilibili and local filesystem. They do instruct multi-page scraping and use sleep to slow requests, but they give the agent discretion to perform repeated requests—so rate limits and anti-scraping behavior should be considered.
Install Mechanism
There is no formal install spec in the registry (instruction-only), which is lower-risk; INSTALL.md provides manual install steps including downloading/unzipping or git cloning. No external binary downloads from untrusted URLs are present in included files. Still, the INSTALL.md asks the user to run `agent-browser install` and to pip-install requirements (requirements.txt is referenced but not present in the file manifest), which are operational gaps to verify.
Credentials
The skill declares no environment variables or credentials and the scripts do not attempt to read secrets. The requests and filesystem writes (creating bilibili_data_*.json and report files) are proportional to the stated data-collection purpose.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes output files in the working directory. It runs on-demand via agent-browser and local scripts; no elevated or persistent platform-level privileges are requested.
What to consider before installing
This skill appears to be what it claims (scrape Bilibili search results and analyze them), but check these before installing or running:
- Missing declared dependencies: the scripts and SKILL.md require agent-browser (a third-party CLI) and the shell script prints usage of `jq`—these are not listed in the registry metadata. Install and vet agent-browser separately before use.
- Origin & provenance: the package homepage and source are unknown/placeholder; prefer skills from a known repository or inspect the full code locally before running.
- Rate limits and legality: scraping public pages is visible to the target site and may violate terms of service; use conservative scraping rates and confirm compliance.
- Requirements file mismatch: INSTALL.md references requirements.txt (pip) but the manifest doesn't include it—verify Python deps before running analyze_data.py.
- Run in a restricted environment: because the skill opens web pages and writes files, run initially in a sandbox or isolated account and inspect outputs (JSON/report files). If you allow the agent to invoke this autonomously, be aware it can run multi-page scrapes automatically—consider limiting invocation or requiring manual approval.

If you want to proceed, obtain and inspect the real upstream repository (or request the author/homepage), ensure agent-browser and jq are trusted and installed, and test on a small page set first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f2f21ettd2ktvtmg7aa9xs98201fv
