Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VideoToText — subtitles & summary

v1.0.0

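Guides reliable fetching of official Bilibili subtitles (handling rate limiting and login-only tracks) and generates a Chinese summary through an OpenAI-compatible API; the skill package includes a code/ mirror of the source and an env template, and can be zipped for offline use with OpenClaw. Suited to Bilibili link parsing, troubleshooting subtitle extraction failures, SESSDATA/Cookie, WBI player subtitles, ...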

by WillGuo (@willguo715)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The skill's name and description match the included code: it extracts Bilibili subtitles and posts them to an OpenAI-compatible endpoint for summarization. However the registry metadata declares no required environment variables or credentials, while the code and SKILL.md clearly expect sensitive env vars (SESSDATA, BILI_JCT, DEDEUSERID, OPENAI/SUMMARY_LLM_* keys). The omission in the registry is an inconsistency that reduces transparency.
Instruction Scope
SKILL.md's runtime instructions align with the code: expand short URLs, fetch view/player/subtitle JSON, optionally use user-provided Cookie values, and send subtitle text + title to a configured LLM chat/completions endpoint. The instructions do not direct the agent to read unrelated files, nor to exfiltrate anything to hidden endpoints. Important operational behavior: the skill will transmit full subtitle text (potentially private) to whatever SUMMARY_LLM_BASE_URL / CHAT_COMPLETIONS_URL is configured, using SUMMARY_LLM_API_KEY or OPENAI_API_KEY if set.
Install Mechanism
There is no install spec and the skill is instruction-only with a code mirror included. That minimizes opaque installation steps. The included requirements-code.txt lists httpx, pydantic, and yt-dlp (normal for this function). No remote download URLs or archive extraction are present in the manifest.
!
Credentials
The code legitimately needs Bilibili login tokens (SESSDATA and optional BILI_JCT/DEDEUSERID...) to fetch login-only subtitles and an LLM API key or base URL for summaries. Those are sensitive secrets. The problem: the registry metadata lists no required env vars, so the skill fails the transparency test — it asks for credentials in code/instructions but does not declare them up front. Also settings.py tries to locate a .env file via a path heuristic; depending on where the agent runs that could pick up a different .env than the user expects (verify .env placement).
Persistence & Privilege
The skill does not request 'always: true' and does not claim to modify other skills or agent-wide settings. It does perform network calls and may be invoked autonomously (default), which is expected for this type of integration.
What to consider before installing
This skill appears to implement exactly what it says (pull Bilibili subtitles and call an LLM to summarize) but before installing or supplying secrets consider the following:
- Transparency: the registry metadata did not declare the environment variables the code actually expects. Confirm with the publisher which env vars are required (SESSDATA, BILI_JCT, DEDEUSERID, SUMMARY_LLM_API_KEY / OPENAI_API_KEY, SUMMARY_LLM_BASE_URL/CHAT_COMPLETIONS_URL, etc.).
- Secrets: do not provide your main account SESSDATA/Cookie to an untrusted or unknown source. Prefer using a throwaway/test Bilibili account if you need to run the skill. Likewise, use an ephemeral or scoped LLM API key or a self-hosted LLM endpoint rather than your primary, high-value key.
- Data exfiltration surface: the skill will send subtitle text (which may be private) and the video title to the configured LLM endpoint. Ensure SUMMARY_LLM_BASE_URL / SUMMARY_LLM_CHAT_COMPLETIONS_URL points to a trustworthy service and that you understand the privacy policy of that endpoint.
- .env location and path resolution: settings.py contains heuristics to locate a .env file; verify that the skill reads the .env you intend (place the .env next to SKILL.md as instructed) so it doesn't accidentally read a different .env in the runtime environment.
- Audit and run offline: because the package includes the relevant source files, consider running the code locally in an isolated environment first (inspect it, run with dummy values, or with no credentials) to confirm behavior. The requirements are straightforward (httpx, pydantic, yt-dlp); install in a virtualenv.
- Publisher provenance: there is no homepage and the registry metadata lists an opaque owner ID. If you cannot verify the author or repository origin, exercise extra caution with credentials and prefer manual/local execution instead of granting agent-level access.
If you need, I can: (a) list exactly which env variables the code reads and where, (b) point out the lines that assemble and send Cookie/LLM requests, or (c) produce a minimal safe-run checklist to test the skill without exposing real secrets.
