ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bili Checkin

v1.0.1

B站全自动签到工具 — 每日经验任务(登录+观看+分享+投币=65EXP/天)+ 直播间弹幕签到刷亲密度。支持UP主名字/UID查找直播间。触发词:B站签到、每日任务、bilibili checkin、升级、刷经验、弹幕打卡、刷亲密度。

0· 200·0 current·0 all-time
by@xiaoyiweio

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xiaoyiweio/bili-checkin.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Bili Checkin" (xiaoyiweio/bili-checkin) from ClawHub.
Skill page: https://clawhub.ai/xiaoyiweio/bili-checkin
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install bili-checkin

ClawHub CLI

Package manager switcher

npx clawhub@latest install bili-checkin
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, README, SKILL.md and the three Python scripts are coherent: they implement daily tasks (login/watch/share/coin) and live-room danmaku sending, plus a lookup tool. Network calls target Bilibili APIs and no unrelated cloud credentials or binaries are requested.
!
Instruction Scope
SKILL.md/README instruct running local scripts and saving cookies via CLI (expected). However persona.md explicitly tells the assistant to ask the user to '把这两个值告诉我' (tell me the SESSDATA and bili_jct in chat). That directs collection of sensitive credentials via chat rather than local CLI input, expanding scope to capturing secrets in the conversation. The scripts otherwise only read/write a local .cookies.json and call Bilibili endpoints.
Install Mechanism
No install spec; skill is instruction + bundled scripts. There are no downloads or external installers; code is pure Python standard library. Risk from install mechanism is low, though executing third-party scripts always requires user judgement.
!
Credentials
The scripts reasonably require the user's Bilibili cookies (SESSDATA and bili_jct) to operate, and they store them locally with file perms set to 600. However the skill declares no required env vars and the persona's instruction to request cookies via chat is disproportionate and unsafe: sensitive cookie values should not be collected in agent conversations. Also the skill supports an option (--do-coin) that will spend the user's coins, which is a financial side-effect users should be warned about.
Persistence & Privilege
always:false and the skill does not modify global agent settings. It persists credentials to {baseDir}/.cookies.json (permission set to 600) which is expected for this use-case, but persistence of sensitive cookies increases risk if the file is stored in a shared or backed-up location.
What to consider before installing
This skill appears to do what it claims (auto check-in and danmaku posting) and uses only official Bilibili endpoints, but it asks for highly sensitive cookies. Do NOT paste SESSDATA or bili_jct values into chat. Instead: (1) review the scripts locally to confirm endpoints and behavior; (2) run the provided CLI commands yourself on a local machine to save cookies (python3 scripts/checkin.py --save-cookie ...) rather than telling the agent; (3) be careful with the --do-coin option (it spends your coins); (4) confirm where .cookies.json will be stored and remove it when no longer needed or store it in a secure location; (5) consider running in an isolated environment if you are unsure. If you expect the agent to prompt for secrets, decline and input them only via your shell.

Like a lobster shell, security has layers — review code before you run it.

latestvk970fwwn7dfxk9r19dwzqd2fxd837gg7
200downloads
0stars
2versions
Updated 23h ago
v1.0.1
MIT-0
@xiaoyiweio
latest
Download

Bili Checkin

B站全自动签到 — 每日经验任务 + 直播间弹幕签到,一键搞定。

触发规则

模式示例
包含 B站签到 / B站每日"帮我B站签到", "B站每日任务"
包含 升级 / 刷经验 / 每日经验"帮我刷B站经验", "B站升级"
包含 弹幕签到 / 直播签到"帮我直播间签到", "弹幕打卡"
包含 bilibili + checkin/daily"bilibili daily checkin"
包含 亲密度 / 粉丝牌"刷亲密度", "升粉丝牌"

两大功能

功能 1 — 每日经验任务(升级用)

每天最多 +65 EXP:

任务经验说明
登录+5自动完成
观看视频+5随机选热门视频发心跳
分享视频+5随机分享一个视频
投币(5枚)+50默认关闭,需 --do-coin 开启(消耗硬币)
合计65
python3 {baseDir}/scripts/daily.py
python3 {baseDir}/scripts/daily.py --do-coin
python3 {baseDir}/scripts/daily.py --do-coin --coin 3
python3 {baseDir}/scripts/daily.py --status

功能 2 — 直播间弹幕签到(亲密度用)

动作亲密度经验值
发送弹幕+2+5
python3 {baseDir}/scripts/checkin.py --room {room_id}
python3 {baseDir}/scripts/checkin.py --room {room_id} --msg "打卡"

前置:Cookie 设置(首次使用)

python3 {baseDir}/scripts/checkin.py --save-cookie --sessdata "{SESSDATA}" --bili-jct "{bili_jct}"

Cookie 获取方法见 persona.md。保存一次后所有脚本共用。

辅助:查找直播间

python3 {baseDir}/scripts/lookup.py "UP主名字或UID"

Comments

Loading comments...