Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bilibili Up To Kb

v0.1.0

Convert Bilibili (B站) videos into a searchable text knowledge base. Supports single videos and batch processing of entire UP主 channels. Uses local whisper.cp...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match what the scripts do: download Bilibili videos, run whisper.cpp locally, clean via an LLM-style tool, and build a KB. The skill does not declare required env vars in registry metadata even though SKILL.md and scripts reference WHISPER_CLI, WHISPER_MODEL, OPENCODE_BIN, CLEAN_MODEL and optional GEMINI_API_KEY and browser cookies. That mismatch is unexpected but not necessarily malicious.
! Instruction Scope
The scripts perform exactly the data flows described (yt-dlp → ffmpeg → whisper → clean with opencode → index). However, they optionally use --cookies-from-browser to access member-only content (this reads browser cookies via yt-dlp) and they feed transcript chunks into the opencode CLI. If opencode.run or the chosen CLEAN_MODEL execute remotely or fetch from a remote model hub, transcripts will be sent to a network service. The SKILL.md gives broad discretion (batching, auto-chunking) but the main risk is exfiltration of transcript text via third-party model/CLI or cloud LLM keys if configured (GEMINI_API_KEY referenced in docs).
Install Mechanism
There is no automated install spec (instruction-only), so nothing is dropped automatically. The references recommend downloading whisper models from Hugging Face or a mirror (hf-mirror.com) via curl — these are expected but are external downloads the user must trust. Because the skill doesn't auto-extract or run arbitrary remote payloads, installation risk is moderate but depends on which model/CLI the user chooses to install.
! Credentials
Registry metadata lists no required credentials, which aligns with local whisper usage, but scripts and docs reference optional sensitive inputs: --cookies-from-browser (access to browser cookies), GEMINI_API_KEY (for an alternate summarize tool), and environment variables pointing at opencode and whisper binaries. Requesting browser cookies or an LLM API key is proportionate only for gated content or LLM-based cleaning — these are optional but sensitive. The skill does not require unrelated cloud credentials, so the issue is more about optional sensitive inputs that could expose transcripts to external services.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request persistent platform privileges. Scripts operate in working directories and temporary folders; they do not modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what its description says, but before running it consider:
1) Don't pass browser cookies unless you trust the environment: that option can expose other site cookies from your browser to yt-dlp.
2) Confirm how the opencode CLI and the CLEAN_MODEL operate: if opencode runs inference remotely or downloads models at runtime, your transcripts will be sent to an external service. If you need privacy, ensure opencode is configured to run locally or disable cleaning.
3) Only download whisper models from trusted hosts (official GitHub or Hugging Face with verified URLs); be cautious using third-party mirrors.
4) If you plan to use any cloud LLM key (GEMINI_API_KEY) for cleaning, assume transcripts will be sent to that provider.
5) Run the scripts in a sandboxed environment (container or VM) for initial tests and inspect network traffic if you are concerned about exfiltration.
Providing confirmation from the author that opencode/minimax runs fully offline (or documentation showing local-only behavior) would increase confidence.

Like a lobster shell, security has layers — review code before you run it.
