ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bilibili Downloader

v1.0.1

Download videos, audio, subtitles, and covers from Bilibili using bilibili-api. Use when working with Bilibili content for downloading videos in various qual...

0· 148·0 current·0 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included Python scripts: video/audio/subtitle/cover download logic is implemented using the bilibili_api library. The requested capabilities are coherent with the stated purpose.
Instruction Scope
SKILL.md and quick_guide tell the user to set a BILIBILI_SESSDATA cookie for premium content, but none of the included scripts read that environment variable or accept cookie parameters directly. download_config.json contains a cookies.SESSDATA placeholder that the scripts do not consume. This is an instruction/implementation mismatch (likely benign but confusing).
Install Mechanism
No install spec; this is an instruction-only skill with bundled scripts that rely on pip-installed bilibili-api-python and ffmpeg. No remote downloads or archive extraction are present in the skill package itself.
Credentials
The skill documentation asks the user to export BILIBILI_SESSDATA for authenticated downloads, but requires.env does not declare any credentials. Because the scripts don't directly read environment variables, it's unclear whether credentials would be used by the included code or delegated to the external bilibili_api library. Requesting sensitive cookies is reasonable for the stated purpose, but the lack of explicit handling is an inconsistency to be aware of.
Persistence & Privilege
always is false, the skill does not request persistent agent-wide privileges, and the bundled scripts operate as normal CLI scripts without modifying other skills or system-wide configuration.
What to consider before installing
This package appears to implement a normal Bilibili downloader, but there are a few small inconsistencies you should check before running or providing secrets: - The SKILL.md suggests exporting BILIBILI_SESSDATA (a browser cookie) for premium content, but the provided scripts do not read that env var or consume cookies from the provided config file. Do not paste your real SESSDATA into config files or environment variables until you confirm where it's used. Prefer running without credentials for public content. - The bundled scripts use the third-party package bilibili-api-python (install via pip). Inspect that library's source or install it in an isolated environment (virtualenv/container) before running. - The package metadata in _meta.json has a different ownerId than the registry metadata shown; this could mean repackaging or inconsistent metadata—verify the source and trustworthiness of the skill before use. - There are no remote installers in the skill, which reduces risk. Still: run the scripts locally in a sandbox (or review them line-by-line) and verify they behave as expected. If you must download private/premium content, only provide authentication tokens/cookies to code you trust; rotate cookies after testing. If you want higher confidence, ask the publisher for the canonical homepage or repo, confirm the bilibili-api-python package name and its maintainers, and request that the skill explicitly document and/or use credentials in code (so you can review handling) rather than only in prose.

Like a lobster shell, security has layers — review code before you run it.

latestvk979440290jtbnm9500t4erxt182yvy3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Bilibili Downloader

Quick Start

Download a video by URL:

pip install bilibili-api-python
python -c "
from bilibili_api import video, sync
v = video.Video(bvid='BV1xx411c7m2')
sync(v.download(output='./video.mp4'))
"

Download Options

Video Quality

  • Specify quality with qn parameter (127=8K, 126=杜比, 125=1080P+, etc.)
  • Default selects best available quality

Audio Download

  • Download original soundtrack: v.download_audious(output='./audio.mp3')
  • Supports various audio formats

Subtitles

  • Get available subtitles: v.get_subtitle()
  • Download subtitle files: sync(v.download_subtitle(output='./'))

Covers and Thumbnails

  • Get cover URL: v.get_cover()
  • Download cover: sync(v.download_cover(output='./cover.jpg'))

Common Tasks

Download Single Video

from bilibili_api import video, sync
v = video.Video(bvid='BV1xx411c7m2')
sync(v.download(output='./video.mp4'))

Download with Specific Quality

from bilibili_api import video, sync
v = video.Video(bvid='BV1xx411c7m2')
info = v.get_download_url(qn=127)  # 8K quality

Download Entire Playlist

from bilibili_api import video, sync
from bilibili_api import playlist

pl = playlist.Playlist(playlist_id='123456')
for v in sync(pl.get_videos()):
    sync(v.download(output=f'./playlist/{v["title"]}.mp4'))

Download Audio Only

from bilibili_api import video, sync
v = video.Video(bvid='BV1xx411c7m2')
sync(v.download_audio(output='./audio.mp3'))

Authentication

For premium content, use browser cookies:

  1. Login to Bilibili in browser
  2. Export SESSDATA cookie value
  3. Set environment variable: export BILIBILI_SESSDATA='your_cookie_value'

Requirements

  • bilibili-api-python: pip install bilibili-api-python
  • ffmpeg: Required for video/audio processing
  • Python 3.8+

Resources

scripts/

Utility scripts for common download operations.

references/

  • API documentation from bilibili-api repo
  • Quality codes reference (qn values)
  • Cookie setup guide

assets/

Download templates and configuration examples.

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…