ClawHub

B站 (bilibili) 热门视频监控

v1.0.21

生成B站热门视频日报并发送邮件。触发词:B站热门、bilibili日报、视频日报、热门视频

20· 6.5k·36 current·36 all-time
byJacob_code@jacobzwj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md match the stated purpose: retrieving B站 popular videos, extracting subtitles, calling an LLM (OpenRouter) to produce summaries, and sending an HTML email via SMTP. Required binaries (python3) and dependencies (requests) are proportionate. However the registry metadata lists no required env vars/credentials while the README/SKILL.md and scripts clearly expect BILIBILI cookies, an OpenRouter API key, and SMTP credentials — an inconsistency that should be resolved.
!
Instruction Scope
SKILL.md explicitly instructs the agent/user to collect highly sensitive data (full B站 cookies/SESSDATA, OpenRouter API key, Gmail app password) and to write them to a local config file. Those actions are within the functional scope but are sensitive; the document also contains agent-specific runtime directives (how the agent should relay progress and not send intermediary messages) and a pre-scan prompt-injection signal (unicode-control-chars). The instructions give broad freedom to prompt the user for secrets and save them, which is appropriate for the task but risky if the agent is allowed to run autonomously or if users don't understand the implications.
Install Mechanism
No remote install or download is declared (instruction-only with bundled Python scripts). That lowers supply-chain risk compared with arbitrary URL downloads. Dependencies are minimal (requests). The skill ships code files rather than installing from external sources.
!
Credentials
The sensitive credentials requested (BILIBILI cookies, OPENROUTER API key, SMTP_EMAIL and SMTP_PASSWORD) are functionally justified for the stated tasks. However the skill registry metadata did not declare these required env vars, creating a mismatch. Requiring a full browser cookie (SESSDATA) and an SMTP app password are high-sensitivity operations — they are proportionate to the feature set but warrant careful handling and user awareness.
Persistence & Privilege
The skill does not set always:true, but it also did not set disableModelInvocation:true — by default the model can invoke the skill. Given the skill's ability to request and accept secrets (via prompts or env vars) and to call external services (openrouter.ai, bilibili APIs, SMTP), allowing autonomous invocations increases risk. If you want to prevent the model from autonomously triggering credential prompts or executions, consider disabling model invocation or requiring explicit user invocation.
Scan Findings in Context
[unicode-control-chars] unexpected: Scanner detected unicode control characters in SKILL.md (a common prompt-injection technique). There is no legitimate reason for hidden control characters in a README/instruction file; this should be inspected and removed. It may be an attempt to manipulate agent behavior or evaluation output.
What to consider before installing
What to consider before installing or running this skill: - The skill legitimately needs: B站 session cookies (SESSDATA) to access some subtitles, an OpenRouter API key to run LLM summarization, and an SMTP email + app password to send mail. These are sensitive credentials — only provide them if you trust the code and run it on a machine you control. - Metadata mismatch: the registry lists no required env vars even though README/SKILL.md/code expect multiple secrets. Treat that as a red flag and ask the publisher to correct metadata. - Prompt-injection signal: SKILL.md contained unicode control characters. Inspect SKILL.md and other files for hidden/control characters or other suspicious strings before use; remove them if present. - Minimize blast radius: if you must test, run the scripts locally in an isolated environment (VM/container) and use throwaway credentials where possible (create a dedicated Gmail account and an app-specific password; use a disposable OpenRouter key with limited quota). Do not paste your primary B站 cookies on untrusted systems — consider skipping cookies and allow the tool to run in a reduced mode (no protected subtitles) if possible. - Autonomy: the skill allows model invocation by default. If you do not want the agent to autonomously request/persist secrets or run the scripts, set disableModelInvocation:true or require explicit user invocation. - Code review: scan the code for any unexpected network destinations. The visible endpoints are bilibili API, https://openrouter.ai, and SMTP host (default smtp.gmail.com). If you see other endpoints or obfuscated network calls, do not proceed. What would change this assessment: if the publisher updates registry metadata to declare required env vars, removes hidden control characters from SKILL.md, and documents explicit safeguards that prevent the model from autonomously requesting or storing credentials (or sets disableModelInvocation:true), the skill would move toward 'benign'. Conversely, hidden exfiltration code or remote downloads would increase the severity.

Like a lobster shell, security has layers — review code before you run it.

latestvk977xxvn2ew1j55hkvycfjvjq580rbm0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📺 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments