jl-video-downloader
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill matches its stated video-downloading purpose, but its wrapper can execute injected shell commands and it asks for sensitive keys/cookies while relying on unpinned external code.
Only install this if you trust the external jl-video-downloader package and understand the credential risks. Do not paste main-account cookies unless necessary, avoid running it on untrusted URLs until the eval issue is fixed, and review any shell rc changes after setup.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted video URL, output path, proxy, or extra argument could cause commands to run on the user's machine under the user's account.
The script places user-controlled URL and extra arguments into a command string and executes it with eval, allowing shell metacharacters or command substitutions in inputs to run unintended commands.
Evidence: uvx_cmd="$uvx_cmd \"$url\"" ... uvx_cmd="$uvx_cmd ${args[*]}" ... eval "$uvx_cmd"
Recommendation: Remove eval and execute commands with an argument array, validate URLs and paths, and require explicit user approval before running generated shell commands.
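A hardened form of the flagged command assembly, added here as an example (this is not the skill's own code; the function names `run_download`, `valid_url`, `valid_output_dir` and the `show_argv` stand-in for the downloader binary are assumed). Because argv is built as an array and executed directly, a URL or extra argument containing `$(...)`, `;` or quotes reaches the tool as literal text rather than being re-parsed by the shell:

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code: the eval-based assembly flagged
# above, rewritten so the downloader is invoked from an argument array.

# Allow only http(s) URLs that contain no whitespace or control characters.
valid_url() {
  case "$1" in
    http://?*|https://?*) ;;
    *) return 1 ;;
  esac
  case "$1" in
    *[[:space:][:cntrl:]]*) return 1 ;;
  esac
  return 0
}

# Reject empty output paths and paths that traverse upward.
valid_output_dir() {
  case "$1" in
    ''|*../*|*/..|..) return 1 ;;
    *) return 0 ;;
  esac
}

# Assemble argv as an array and run it directly: no eval, no string
# re-parsing. $tool is the downloader binary (assumed interface: --output
# and extra flags, then the URL). "--" keeps a URL beginning with "-" from
# being read by the tool as an option.
run_download() {
  local tool=$1 url=$2 outdir=$3
  shift 3
  valid_url "$url" || { printf 'refusing URL: %s\n' "$url" >&2; return 2; }
  valid_output_dir "$outdir" || { printf 'refusing output dir: %s\n' "$outdir" >&2; return 2; }
  local -a cmd=("$tool" --output "$outdir" "$@" -- "$url")
  "${cmd[@]}"
}

# Harmless stand-in for the downloader: prints one received argument per line,
# so the exact argv the tool would see can be inspected.
show_argv() { printf '%s\n' "$@"; }
```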
If copied into the config, these credentials or cookies may allow access to paid API usage or logged-in platform sessions if mishandled by the external tool or exposed locally.
The skill asks users to store API keys and platform cookies, including session cookies for Bilibili/Douyin, but the registry metadata declares no credentials or environment variables and the reviewed artifacts do not bound how those cookies are used.
Evidence: SILI_FLOW_API_KEY="sk-your-siliflow-api-key" ... DEEPSEEK_API_KEY="sk-your-deepseek-api-key" ... BILIBILI_COOKIES="" ... DOUYIN_COOKIES=""
Recommendation: Declare all required credentials in metadata, document exactly where they are sent and why, avoid session cookies where possible, and advise users to use least-privilege or temporary credentials.
The code that actually performs downloads and transcript extraction can change outside the reviewed skill artifacts, so users cannot verify exactly what will run at install or upgrade time.
The setup path downloads and executes a remote installer and installs or upgrades the main downloader package without a pinned version, checksum, lockfile, homepage, or included source for review.
Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh ... uv tool upgrade jl-video-downloader ... uv tool install jl-video-downloader
Recommendation: Pin exact package versions, provide provenance and hashes, avoid curl-to-shell where possible, and include or link auditable source for the runtime package.
API keys, cookies, proxy settings, and output paths may be loaded into future terminal sessions and inherited by other commands launched from those shells.
The installer appends a persistent source command to the user's shell startup file so the skill's environment file is loaded in future shells.
Evidence:
cat >> "$shell_rc" << EOF
# JL Video Downloader environment variables
if [[ -f "$loader_file" ]]; then
source "$loader_file"
fi
EOF
Recommendation: Ask before modifying shell startup files, document how to remove the added block, and avoid globally loading secrets unless the user explicitly wants that behavior.
