Bilibili Danmaku
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears purpose-aligned: it fetches public Bilibili danmaku and analyzes it locally, with normal cautions around installing Python packages and generating output files.
Before installing, be comfortable running a local setup script that installs Python packages. Use the skill for public Bilibili content, avoid sensitive output locations, and review generated comment datasets and reports before sharing.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill's environment will download and run third-party Python package code locally.
The first-use setup installs third-party Python packages into a local virtual environment. This is expected for the analysis workflow, but it creates a normal package-supply-chain surface.
"$PIP" install -r "$REQ_FILE"
Run setup in a normal user account, prefer a project directory, and consider pinning or reviewing dependencies if you need stronger reproducibility.
Bilibili will receive requests for the video metadata/comment data being analyzed, and the downloaded comments are stored in local output files.
The fetcher contacts Bilibili's public danmaku endpoint to retrieve comment XML. This is central to the skill's purpose and is disclosed, but it is still an external network operation.
xml_url = f"https://comment.bilibili.com/{cid}.xml"Use it for public videos, and review generated CSV/JSON/report files before sharing them outside your workspace.