Bilibili Up To Kb
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated Bilibili transcription purpose, but it can automatically use Chrome browser cookies, sends transcript text to an external cleaning model, and has unsafe handling of untrusted video titles in a local Python command.
Review carefully before installing. Use it only on videos you intend to download/transcribe, avoid automatic browser-cookie use unless you understand the account access involved, consider a separate browser profile for cookies, cap concurrency for large channels, and disable or replace remote cleaning if transcript privacy matters.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may access Bilibili as the user's logged-in browser session and download or transcribe member-only/account-scoped content.
If direct (anonymous) access to the channel fails, the script silently switches to `--cookies-from-browser chrome`, which makes yt-dlp read the cookie database of the local Chrome installation's default profile. Browser session cookies are live account credentials, and this fallback is not gated by an explicit user approval step in the script.
```bash
if ! yt-dlp --flat-playlist --print url "$CHANNEL" >/dev/null 2>&1; then
    echo "Direct access failed, trying with browser cookies..."
    COOKIES_ARG="--cookies-from-browser chrome"
fi
```
Require explicit user confirmation before using browser cookies, document exactly which browser/profile and site cookies are used, and prefer a separate least-privilege browser profile (selectable with yt-dlp's `--cookies-from-browser chrome:PROFILE` form) or a user-provided cookie file (`--cookies FILE`) over the default profile.
A crafted or unusual video title could break metadata generation and may create a local code-injection path when processing untrusted videos.
A remote Bilibili title is parsed out of the yt-dlp metadata JSON, run through a filename sanitizer to produce FILE_BASE, and then interpolated directly into Python source passed to `python3 -c`. The sanitizer strips filename-hostile characters, but a single quote, backslash or newline in the title still terminates or alters the string literal, so a crafted title can change what the generated program does. (The earlier step that reads the title from JSON on stdin is fine; the defect is the later splice into program text.)
```bash
TITLE=$(echo "$META_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin).get('title',''))" ...)
SAFE_TITLE=$(sanitize "$TITLE")
...
'filename_base': '$FILE_BASE'
```
Do not embed untrusted metadata inside a Python -c string. Pass FILE_BASE through argv, stdin, or an environment variable and serialize it with json.dumps or equivalent safe escaping.
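As an added illustration (not code from the skill or from ClawScan), the script below reproduces the flagged pattern and the argv-based fix. The `sanitize()` body and the one-line metadata template are assumptions modelled on the quoted lines, and the three sample titles are constructed; the point is that a title the filename sanitizer accepts can still break or extend the generated Python program, while the same title round-trips intact when it is passed as an argument.

```python
"""Untrusted title spliced into `python3 -c` source, and the argv-based fix.

Added example, not the skill's code: sanitize() and the metadata template are
assumptions modelled on the pattern quoted in the finding.
"""
import json
import os
import re
import subprocess
import sys


def sanitize(title):
    # Assumed filename sanitizer: strips path separators and filesystem-hostile
    # punctuation but, like the one reviewed, leaves quotes and newlines alone.
    return re.sub(r'[\\/:*?"<>|]', "_", title).strip()


def unsafe_meta_source(file_base):
    # The flagged pattern: the (sanitized) title becomes part of the Python
    # program text, so any quote or newline in it changes the program.
    return "import json; print(json.dumps({'filename_base': '%s'}))" % file_base


def _run(argv):
    env = dict(os.environ, PYTHONIOENCODING="utf-8")
    return subprocess.run(argv, capture_output=True, text=True,
                          encoding="utf-8", env=env)


def run_unsafe(title):
    """Returns (returncode, stdout) of the interpolated command."""
    r = _run([sys.executable, "-c", unsafe_meta_source(sanitize(title))])
    return r.returncode, r.stdout


def run_safe(title):
    """Program text is constant; the title travels through argv and is
    serialized by json.dumps inside the interpreter. Returns the value
    read back from the emitted JSON."""
    prog = "import json, sys; print(json.dumps({'filename_base': sys.argv[1]}))"
    r = _run([sys.executable, "-c", prog, sanitize(title)])
    r.check_returncode()
    return json.loads(r.stdout)["filename_base"]


# Constructed sample titles, not real Bilibili videos.
QUOTE_TITLE = "Rock 'n' Roll mix"                  # stray quote: SyntaxError
NEWLINE_TITLE = "Line one\nLine two"               # newline: unterminated string
INJECT_TITLE = "x'})); print('INJECTED'); (({'y"   # closes the literal, runs code

if __name__ == "__main__":
    for t in (QUOTE_TITLE, NEWLINE_TITLE, INJECT_TITLE):
        rc, out = run_unsafe(t)
        print("unsafe rc=%d out=%r | safe=%r" % (rc, out, run_safe(t)))
```

The sanitizer passes all three titles unchanged, so the first two make the interpolated program fail to parse and the third makes it run an extra statement; `run_safe` returns each title exactly as given. An environment variable read via `os.environ` inside the program works the same way as argv here.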
Video transcripts, including member-only or sensitive content the user chose to process, may be shared with the configured model provider.
Transcript chunks are sent to an external opencode/Minimax model for cleaning. This is purpose-aligned and partially disclosed, but it means transcript content leaves the local machine.
```bash
MODEL="${CLEAN_MODEL:-opencode/minimax-m2.5-free}"
...
"$OPENCODE" run -m "$MODEL" --format json "${PROMPT}
${CHUNK_TEXT}"
```
Clearly disclose the provider data flow, credential requirements, retention/privacy expectations, and provide an easy local-only or no-cleaning mode.
Users may install or run external tools/models without pinned versions or registry-enforced dependency checks.
The skill depends on several third-party tools and downloaded models, while the registry metadata declares no required binaries or install spec. This is expected for the purpose but leaves users to manage provenance and versions themselves.
**Required**: yt-dlp, ffmpeg, whisper.cpp (+ model), opencode CLI
Declare required binaries and environment variables in metadata, document trusted install sources, and pin or verify model/tool versions where practical.
Downloads, transcription, or remote cleaning calls may continue in the background, consuming resources or sending transcript chunks after the user stops interacting with the agent.
The documentation encourages user-directed background jobs for long-running work. This is disclosed and aligned with large channel processing, but it can keep running after the interactive session ends.
Use nohup to avoid session compaction killing processes:
```bash
nohup bash scripts/batch_clean.sh ./kb/UP主名_UID/ 0 80 > /tmp/clean.log 2>&1 &
```
Before using nohup/background mode, choose conservative concurrency, record the background job's PID (`$!` right after the `&`) so it can be stopped, monitor logs and processes, and document how to stop or resume jobs safely.
