bilibili-search
v1.0.1
Real-time Bilibili video search and structured extraction of top trending video titles via local Playwright API for AI agents.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description promise real-time Bilibili search via a local Playwright API; the code (index.js) issues an HTTP request to http://127.0.0.1:8000/api/search_bilibili and SKILL.md instructs you to run a local FastAPI/Playwright service. No unrelated credentials, binaries, or cloud access are requested.
Instruction Scope
SKILL.md confines runtime activity to a local FastAPI service and headless Playwright browsing. It does not instruct the agent to read arbitrary files or external endpoints. However, the Python service (skill_api.py) that performs scraping is not bundled—you must obtain and run that service yourself; review its code before running because it will control a headless browser and access the network.
Install Mechanism
No install spec is included and the skill is instruction-only with a small JS wrapper that only fetches localhost. This is low-risk from the skill package itself (no downloads or extracted archives).
Credentials
The skill requests no environment variables, credentials, or config paths. That matches the described behavior (it expects you to run a local service rather than provide keys).
Persistence & Privilege
always:false (normal). One behavioral note: the tool registration sets require_approval: "never" which means the agent may invoke the local endpoint without per-call user approval. Combined with normal autonomous invocation, that allows the agent to call localhost automatically; this is not inherently malicious but is a consideration for privacy and safety.
Assessment
This skill simply proxies requests to a local FastAPI service that you must install and run; review and trust that Python service before running it because it will drive Playwright (a headless browser) and access web pages. Confirm the service's code (skill_api.py) and any network calls it makes, and ensure it is bound to localhost only. Be aware the tool is registered with require_approval:"never" so the agent can call the local API without per-call confirmation; if you prefer explicit approval, seek a version that requires user consent or change the tool's approval setting. Also note a minor metadata mismatch (package version in _meta.json vs registry) — a sign to verify the source before trusting or running external components.
Like a lobster shell, security has layers — review code before you run it.
latest vk972n5gys869ecakqccg8p15h983t8wt
