Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bilibili Danmaku

v1.0.3

Fetch and analyze Bilibili video danmaku (bullet comments) from a Bilibili video URL/BVID, then output keyword frequency, SVG word cloud, sentiment distribut...

1· 356·2 current·2 all-time
by 陈希瑞 (@smartloe)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description align with the included scripts: fetch_danmaku.py calls Bilibili APIs and downloads comment XML; analyze_danmaku.py performs jieba tokenization, SnowNLP sentiment, and wordcloud generation. No unrelated capabilities or unexpected credentials are requested.
Instruction Scope
SKILL.md directs running the provided scripts (ensure_env.sh, fetch_danmaku.py, analyze_danmaku.py). The instructions only touch files under the skill folder and the generated output; they do not instruct reading system files or exporting data to third-party endpoints beyond the expected Bilibili APIs.
Install Mechanism
No registry install spec; runtime helper ensure_env.sh creates a local virtualenv and pip-installs packages from requirements.txt (PyPI). This is expected for a Python analysis tool but does perform network downloads and installs third-party Python packages (jieba, snownlp, wordcloud, pillow, numpy).
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code does not attempt to read secrets or other environment variables beyond normal operation.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It only creates a local .venv and output files in a chosen directory.
Assessment
This project appears coherent for danmaku collection and analysis. Before installing: (1) be aware ensure_env.sh will create a local virtualenv and pip-install packages from PyPI — review requirements.txt if you have strict supply-chain policies; (2) the fetch script makes network calls to api.bilibili.com and comment.bilibili.com (expected), so running it requires network access and may be subject to Bilibili's terms of service—confirm your use is permitted; (3) run in an isolated environment if you prefer (container or VM) to limit filesystem/network scope; (4) if you plan to supply custom stopword files or point analyze to arbitrary CSVs, ensure those inputs are trustworthy to avoid processing unexpected content.

Like a lobster shell, security has layers — review code before you run it.

latestvk9750m75ssjnmrbx62ssa4xksd822mn7
