Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
link-resolver-engine
v1.0.4
Triggered automatically when the user wants to **download a Douyin video**, **download a Bilibili video**, **resolve a watermark-free direct link**, **extract the highest-quality video**, **get a video downloaded**, or **save a Douyin/Bilibili video**. Specifically handles any video link from Bilibili (B站) and Douyin (抖音), including short links such as b23.tv, douyin.com, bilibili.co...
by 顶尖王牌程序员 (@wangminrui2022)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)

Purpose & Capability
The name/description claim a downloader for B站 and 抖音; the code implements that and provides multiple parsing/download strategies (yt-dlp, requests+ffmpeg, Playwright). Functionality is coherent with purpose. However the code also includes broad environment/bootstrap behaviour (auto-install packages, download browser and ffmpeg, create a VENV at a project-level path) that is more invasive than a simple link-resolver and not clearly justified in the high-level description.
Instruction Scope
SKILL.md instructs running scripts locally and claims '完全离线运行 (仅在需要时使用网络下载视频)' (i.e. "runs fully offline; uses the network only when a video needs to be downloaded"). In reality the Python modules perform network installs at import time: ensure_package.pip(...) calls pip, and both bilibili_video.py and douyin_video.py call subprocess to run 'playwright install chromium' during module import. env_manager can create a virtualenv and re-exec the main script. The modules read/write files (downloads, logs, models, venv) and execute subprocesses (ffmpeg, playwright installers). These actions are outside a minimal 'parse-and-return-a-link' scope and should be explicitly stated in SKILL.md.
Install Mechanism
There is no declared platform install spec, but the code auto-installs Python packages from PyPI (via a Tsinghua mirror) and runs external installers: 'playwright install chromium' (downloads browser binaries), and ffmpeg_downloader runs 'ffdl install' which pulls ffmpeg from third-party hosts (gyan.dev, johnvansickle, evermeet). These are active network downloads of binary artifacts from third-party sites and occur automatically during import/runtime. That increases risk because arbitrary code/binaries are fetched and executed without prior explicit consent.
Credentials
The skill requests no environment variables or credentials (good). Still, it writes to multiple filesystem locations (downloads/, logs/, models/, and a VENV_DIR located via ProjectPaths which resolves to a venv path outside the scripts directory). env_manager enforces Python 3.10–3.12 and will exit otherwise. While no secrets are requested, the code can modify the host environment (create venv, install packages, add ffmpeg to PATH), which is more privileged than a simple parser and should be considered by the user.
Persistence & Privilege
always:false (good). Nevertheless, the skill creates persistent artifacts: a virtual environment at a project-parent location (VENV_DIR), log files under LOG_DIR, downloaded ffmpeg binaries added to PATH via ffmpeg_downloader, and downloaded browser binaries. env_manager re-executes the main script inside the created venv (subprocess + sys.exit). While not changing other skills' configs, these actions give the skill ongoing filesystem presence and the ability to run installers on the host without explicit install steps.
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan detected unicode-control characters in SKILL.md. This can be used to obfuscate or manipulate rendered text (prompt-injection). It doesn't itself prove maliciousness, but combined with the skill auto-installing and executing external installers it increases suspicion; the SKILL.md text should be reviewed in a text editor that reveals hidden/control characters.
What to consider before installing
This skill does implement Bilibili/Douyin parsing and downloading, but it is more invasive than the high-level description suggests. Notably:
(1) importing the modules triggers pip installs and 'playwright install chromium', which download and install browser binaries;
(2) it will attempt to auto-download ffmpeg via ffmpeg_downloader (third-party hosts) and add it to PATH;
(3) it can create a virtual environment in a project-parent 'venv' path and re-run the script inside it;
(4) many installs run via subprocess and may affect your system Python environment if not already in a venv.
Before installing/using this skill, consider: run it in an isolated sandbox/container or VM; inspect and run the code manually rather than letting the agent auto-import it; verify the exact VENV_DIR path and agree to the downloads (Playwright/Chromium, ffmpeg); remove or modify the automatic-install lines if you prefer to manage dependencies yourself; and be mindful of legal restrictions on downloading copyrighted videos. If you want lower risk, request an instruction-only variant that returns direct video URLs without auto-installing or creating venvs.
Runtime requirements
Bins: python
