Back to skill
Skillv1.0.0
ClawScan security
BiliBili-Danmaku-Analyzer-v1 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 5:39 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and dependencies are consistent with its stated purpose (fetching Bilibili danmaku and preparing LLM-analysis prompts); it requests no extra credentials and makes only expected Bilibili API calls.
- Guidance
- This skill appears coherent and limited to fetching public Bilibili metadata/danmaku and preparing analysis prompts for a model. Before installing, note: (1) it will make network requests to Bilibili (rate limits and 403/412 may occur); (2) the script generates text (sampled danmaku) that you will typically send to an external LLM — if you plan to send the output to a third‑party model, consider privacy/PII concerns and the LLM provider's data handling; (3) the source is marked unknown — if you need stronger assurance, review the entire main.py (it is straightforward) or obtain the skill from a trusted publisher.
Review Dimensions
- Purpose & Capability
- okName/description state B站弹幕舆情分析 and the code/README implement exactly that: extract BV, call api.bilibili.com for video info and dm/list.so for danmaku, parse XML, sample and produce analysis prompts. No unrelated services or privileges are requested.
- Instruction Scope
- okSKILL.md and main.py limit actions to network calls to Bilibili endpoints, parsing danmaku, building JSON/markdown and LLM prompts. The instructions do not ask the agent to read arbitrary local files, other credentials, or send data to unknown endpoints.
- Install Mechanism
- okNo install spec; repository is instruction+script only. requirements.txt only lists 'requests'. Nothing is downloaded from untrusted URLs and no archives are extracted.
- Credentials
- okThe skill requires no environment variables, no credentials, and does not reference config paths. All network calls are to documented Bilibili API endpoints shown in SKILL.md.
- Persistence & Privilege
- okalways:false and no code modifies other skill/system configs. The skill does not request persistent presence or elevated privileges.