bilibili-video-analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it has a real local-code-execution bug and weak privacy guidance around login/session use and sending transcripts to outside AI tools.

Use only in an isolated environment and only for videos you are allowed to download and share. Avoid private or sensitive videos, review the full transcript before sending it to any LLM, and treat Bilibili login/session use carefully. The eval() frame-rate parsing bug should be fixed before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

eval() call detected

High
Category
Dangerous Code Execution
Content
            'duration': float(data.get('format', {}).get('duration', 0)),
            'width': int(video_stream.get('width', 0)),
            'height': int(video_stream.get('height', 0)),
            'fps': eval(video_stream.get('r_frame_rate', '0/1'))
        }

        return info
Confidence
99% confidence
Finding
'fps': eval(video_stream.get('r_frame_rate', '0/1'))

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes shell commands, reads local artifacts, and writes output files, but it does not declare any permissions or clearly scope those capabilities. This creates a transparency and policy-enforcement gap: a host or user may approve the skill expecting passive analysis while it actually performs local downloads, transcription, and file generation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The declared purpose suggests straightforward video analysis, but the documented workflow also performs authentication checks, may initiate Bilibili login, uses account session state, downloads remote content locally, and relies on external tooling. That mismatch can mislead users and platform policy controls, increasing the chance of unexpected credential use, local side effects, and execution of unreviewed external binaries.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises QR-code login, video download, transcription, and AI analysis, which implies handling account/session data and sending video-derived content to external tools or APIs, but it provides no warning about what data is collected, stored, or transmitted. In a skill that processes user-supplied media and invokes third-party services such as Whisper and Claude, this omission can lead users to unknowingly expose private or copyrighted content and credentials.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description does not clearly warn that it downloads external video content, stores local files, generates screenshots, and may consume substantial disk space. Users could invoke it without understanding that it performs persistent local actions on untrusted remote media, which increases privacy, storage, and operational risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The login-check step indicates the skill may inspect authentication state and prompt for Bilibili login, but the description does not adequately warn about account/session handling. Any workflow that touches cookies, sessions, or interactive login can expose sensitive account context or cause users to authenticate without informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The interactive flow explicitly tells users to copy full video metadata and complete subtitle content to third-party LLMs, but provides no privacy notice, consent check, redaction step, or data-classification guidance. This creates a real data-leakage risk because subtitles and metadata may contain copyrighted, private, regulated, or confidential material that gets sent outside the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.
