ClawHub

Bilibili All In One

v1.0.21

A comprehensive Bilibili toolkit that integrates hot trending monitoring, video downloading, video watching/playback, subtitle downloading, and video publish...

9· 10k·10 current·10 all-time
byenoyao@wscats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the implemented modules (hot monitoring, downloader, player, subtitle, watcher, publisher). The only sensitive inputs are Bilibili session cookies which are appropriate for publishing and high-quality downloads. No unrelated cloud credentials, system-level access, or unexpected services are requested.
Instruction Scope
SKILL.md and code limit actions to Bilibili APIs and to explicit user triggers (the skill does not auto-activate on mere presence of BV links). Instructions explain three credential provisioning methods (env vars, credential file, direct parameters). The runtime instructions do allow optional persistence to disk and instruct how to obtain cookies via browser DevTools (copying session cookies) — this is sensitive but documented and consistent with the skill's purpose.
Install Mechanism
No custom or remote download/install is used; installation is 'pip install -r requirements.txt' with standard PyPI packages (httpx, aiohttp, beautifulsoup4, lxml, requests). This is a common, proportional install mechanism for a Python skill.
Credentials
No required environment variables; optional env vars are SESSDATA, bili_jct, buvid3, and BILIBILI_PERSIST — all directly related to Bilibili authentication/persistence. These are full browser session cookies (highly sensitive) and granting them provides broad account access; requiring them only for publish/high-quality downloads is proportional, but users must understand the risk.
Persistence & Privilege
always:false (normal). The skill supports optional persistence: when enabled it auto-saves credentials to .credentials.json (default path in the project root) with 0600 permissions. This behavior is explicit and opt-in, but storing full-session cookies on disk in shared environments increases risk and should be used with caution.
Assessment
This skill appears to implement what it claims. Before installing or using it: 1) Prefer using a throwaway/test Bilibili account if you must provide SESSDATA/bili_jct/buvid3 — these are full browser session cookies and grant broad access. 2) Do NOT enable persistence (BILIBILI_PERSIST or persist=True) in shared or untrusted workspaces; if you enable it, the file is saved as .credentials.json in the project root with 0600 permissions. 3) Review the code yourself if possible (auth.get_client and save_to_file are where credentials are handled). 4) Keep network access limited to expected domains (api.bilibili.com, member.bilibili.com, bilivideo upos domains) and avoid entering cookies in third-party UI prompts. 5) If you only need non-auth features (hot monitoring, standard downloads, subtitles, danmaku), do not provide credentials — the skill supports those without authentication.

Like a lobster shell, security has layers — review code before you run it.

latestvk976cx4w8v7zq5tq91h5wxag8x8460rs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments