Back to skill

Security audit

Bilibili Danmaku

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: fetch public Bilibili bullet comments and analyze them locally, with ordinary dependency and data-handling cautions.

Install only if you are comfortable running a local Python environment that downloads third-party packages. Use it for public Bilibili videos, choose the output directory deliberately, and review generated comment datasets and reports before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
snownlp>=0.12.3
wordcloud>=1.9.3
pillow>=10.3.0
Confidence
96% confidence
Finding
jieba>=0.42.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
snownlp>=0.12.3
wordcloud>=1.9.3
pillow>=10.3.0
numpy>=1.26.4
Confidence
96% confidence
Finding
snownlp>=0.12.3

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
snownlp>=0.12.3
wordcloud>=1.9.3
pillow>=10.3.0
numpy>=1.26.4
Confidence
96% confidence
Finding
wordcloud>=1.9.3

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
snownlp>=0.12.3
wordcloud>=1.9.3
pillow>=10.3.0
numpy>=1.26.4
Confidence
97% confidence
Finding
pillow>=10.3.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
snownlp>=0.12.3
wordcloud>=1.9.3
pillow>=10.3.0
numpy>=1.26.4
Confidence
95% confidence
Finding
numpy>=1.26.4

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.