ClawHub

bili-mindmap

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it needs review because fallback transcription can send extracted video audio to external services without a clear consent gate.

Review before installing. Use it only for videos whose metadata, comments, subtitles, and audio you are comfortable storing locally and potentially sending to ASR services. Prefer a local-only ASR provider, avoid sensitive or private content, verify any Parakeet endpoint, and delete generated audio/context files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly instructs use of shell commands, local file reads and writes, network access, and potentially environment-dependent configuration, yet it declares no permissions or capability boundaries. That mismatch is dangerous because users and hosting platforms cannot accurately assess what the skill will access or whether execution should be sandboxed, especially since it performs login flows, downloads content, and writes outputs.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that the skill collects video metadata, subtitles, comments, and ASR fallback material, but it does not disclose privacy implications, retention expectations, or whether user-supplied/private-accessed content may be processed or stored. In a skill that may use authenticated access and transcription, lack of notice can cause operators to process more third-party content than expected and mishandle personal or sensitive data embedded in comments, subtitles, or audio.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README references Aliyun ASR and an OpenAI-compatible transcription endpoint but does not warn that audio or derived content may be transmitted to external services. This omission is risky because users may assume all processing is local, while media content could be sent off-box to third-party systems with separate logging, retention, and compliance implications.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill processes subtitles, comments, AI summaries, audio extraction, and may send audio or derived transcript data to external ASR services, including cloud providers, but it does not prominently disclose this data flow or obtain informed user consent. This creates a privacy and compliance risk because users may not realize that video-derived content, metadata, or audio could be transmitted off-device to third parties during fallback processing.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When the Parakeet provider is used, local audio extracted from a Bilibili video is sent over HTTP to a configurable transcription endpoint, with no explicit consent prompt, trust check, or transport-security enforcement. This can expose potentially sensitive audio content to an unintended service, especially because the default endpoint is plaintext `http://localhost:9001`, and the URL can be overridden to a remote host.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code uploads raw audio content to Aliyun's remote ASR endpoint without any visible consent, warning, or policy gating. If users believe processing is local, sensitive speech content could be transmitted off-device unexpectedly, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code sends user-provided media to a third-party ASR backend via AliyunPureASR without any visible notice, consent flow, or indication of external transfer. In a skill that processes Bilibili audio/transcripts, this creates a real privacy and compliance risk because users may reasonably expect local processing while sensitive spoken content is transmitted off-box.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal