Bilibili Downloader

Review

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Bilibili downloader, with the main cautions being external dependency installation and optional use of a Bilibili session cookie.

Before installing, verify the package publisher and dependencies, install bilibili-api-python and ffmpeg from trusted sources, and only provide a Bilibili SESSDATA cookie if you need authenticated or premium downloads. Treat that cookie as a password and avoid storing or sharing it unnecessarily.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you provide this cookie, the downloader or its library can act as your logged-in Bilibili session; leaking it could expose your account session.

Why it was flagged

SESSDATA is a live Bilibili session credential. Its use is purpose-aligned for premium downloads, but the registry metadata declares no required credential or environment variable.

Skill content

For premium content, use browser cookies: ... Export SESSDATA cookie value ... export BILIBILI_SESSDATA='your_cookie_value'

Recommendation

Use the cookie only when needed, treat it like a password, avoid pasting it into shared chats or logs, and unset or rotate it after use.

What this means

Installing an unexpected or compromised dependency could affect the local environment used for downloads.

Why it was flagged

The skill relies on manually installed external tooling that is not captured in an install spec and is not version-pinned. This is expected for the downloader purpose but should be installed from trusted sources.

Skill content

- bilibili-api-python: `pip install bilibili-api-python`
- ffmpeg: Required for video/audio processing

Recommendation

Install dependencies from trusted package sources, consider pinning known-good versions, and verify ffmpeg before use.

What this means

The package identity is slightly ambiguous, so users have less assurance that the artifact metadata and registry entry describe the same release.

Why it was flagged

The bundled metadata does not match the registry metadata shown for this review, which lists a different owner ID, slug, and version. This is a provenance ambiguity, not evidence of malicious behavior.

Skill content

  "ownerId": "kn75ncb7kangfy6hsnqr4mfyh580cqjg",
  "slug": "bilibili-downloader",
  "version": "1.0.0"

Recommendation

Verify the publisher and version before installing, especially if relying on this skill in a trusted or automated environment.