ClawHub
Back to skill

Security audit

VideoToText — subtitles & summary

Security checks across malware telemetry and agentic risk

Overview

This skill uses Bilibili cookies and an optional LLM endpoint for subtitle extraction and summarization, and those sensitive behaviors are disclosed and aligned with its purpose.

Install only if you are comfortable providing your own Bilibili session cookies and, if LLM summaries are enabled, sending subtitle text to the configured model provider. Keep the .env file private, avoid shared or high-value accounts, and rotate cookies or API keys if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly describes use of environment variables, cookies, and outbound network access to Bilibili and an OpenAI-compatible API, but it does not declare corresponding permissions. This creates a transparency and consent gap: an agent/operator may execute a skill with secret access and external transmission capabilities without clear upfront permission scoping.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This code reads Bilibili authentication material from environment variables/settings and automatically attaches it to outbound requests as a Cookie header. While this appears to be functional rather than malicious, it handles reusable session credentials that grant account access, so compromise of logs, downstream request handling, or unintended reuse could expose a user's Bilibili account or private/login-gated subtitle access.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code sends the video title and up to 60,000 characters of subtitle text to a configurable external LLM endpoint, which can expose potentially sensitive or copyrighted content to a third party. There is no evidence in this file of consent, disclosure, redaction, or allowlisting of trusted endpoints, so misconfiguration or unexpected deployment could cause silent data exfiltration outside the local system.

External Transmission

Medium
Category
Data Exfiltration
Content
### 接口顺序

1. `GET https://api.bilibili.com/x/web-interface/view?bvid=` — 取 `aid`、`pages`、标题、时长等。
2. `GET https://api.bilibili.com/x/player/wbi/v2?aid=&cid=&bvid=` — **优先**取字幕轨道列表(与 yt-dlp 一致,登录可见轨常在此)。
3. 若 `subtitles` 为空,再回退 `GET https://api.bilibili.com/x/player/v2`(部分稿件仅旧接口有轨,如部分 AI 字幕)。
4. 对每条轨道的 `subtitle_url` 再 **GET** 拉 JSON,`body[].content` 拼正文(`payload_to_text`)。
Confidence
87% confidence
Finding
https://api.bilibili.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### 接口顺序

1. `GET https://api.bilibili.com/x/web-interface/view?bvid=` — 取 `aid`、`pages`、标题、时长等。
2. `GET https://api.bilibili.com/x/player/wbi/v2?aid=&cid=&bvid=` — **优先**取字幕轨道列表(与 yt-dlp 一致,登录可见轨常在此)。
3. 若 `subtitles` 为空,再回退 `GET https://api.bilibili.com/x/player/v2`(部分稿件仅旧接口有轨,如部分 AI 字幕)。
4. 对每条轨道的 `subtitle_url` 再 **GET** 拉 JSON,`body[].content` 拼正文(`payload_to_text`)。
Confidence
87% confidence
Finding
https://api.bilibili.com/

External Transmission

Medium
Category
Data Exfiltration
Content
1. `GET https://api.bilibili.com/x/web-interface/view?bvid=` — 取 `aid`、`pages`、标题、时长等。
2. `GET https://api.bilibili.com/x/player/wbi/v2?aid=&cid=&bvid=` — **优先**取字幕轨道列表(与 yt-dlp 一致,登录可见轨常在此)。
3. 若 `subtitles` 为空,再回退 `GET https://api.bilibili.com/x/player/v2`(部分稿件仅旧接口有轨,如部分 AI 字幕)。
4. 对每条轨道的 `subtitle_url` 再 **GET** 拉 JSON,`body[].content` 拼正文(`payload_to_text`)。

### 轨道选择与质量
Confidence
84% confidence
Finding
https://api.bilibili.com/

Env Variable Harvesting

High
Category
Data Exfiltration
Content
_log = logging.getLogger(__name__)

    raw_sess = (
        os.environ.get("BILIBILI_SESSION_TOKEN")
        or os.environ.get("SESSDATA")
        or (settings.bilibili_session_token or "").strip()
        or (settings.sessdata or "").strip()
Confidence
90% confidence
Finding
os.environ.get("BILIBILI_SESSION_TOKEN

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.