ClawHub

Bilibili Subtitles

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does the advertised Bilibili subtitle extraction, but it should be reviewed because its troubleshooting path can use logged-in browser cookies without a clear consent boundary.

Install only if you are comfortable with yt-dlp being run locally for Bilibili URLs. Do not allow browser-cookie use unless you explicitly intend authenticated Bilibili access, avoid pasting cookie contents into chat, prefer a narrowly scoped cookies.txt file, and run the commands in a folder where generated subtitle files are expected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation description includes broad trigger phrases such as asking for summaries or answers based on video content, which can cause the skill to activate for ordinary requests that merely mention Bilibili or subtitles. Over-broad invocation increases the chance the agent runs external commands or accesses local tools unexpectedly, expanding attack surface and causing unintended data handling.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to use browser cookies or exported cookie files to bypass access restrictions, but does not require explicit informed user consent or emphasize that these are sensitive authenticated credentials. In an agent setting, this can lead to privacy-invasive access to local browser secrets and possible exposure of account session tokens beyond the user's expectation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal