Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
A-SOUL Support
v4.0.0 · A-SOUL fan support tool: detects when a stream goes live and automatically lights up the fan medal, runs a mobile-client heartbeat loop while idle to raise intimacy, likes/coins/favourites videos, and likes posts. Pure Python, zero external dependencies. Trigger words: A-SOUL、asoul、签到、点赞、三连、应援、动态、点亮、粉丝牌、心跳、挂机、直播、嘉然、贝拉、乃琳、心宜、思诺.
⭐ 0· 145·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose (B站 fan support: heartbeat, danmaku, likes) matches the included scripts and behavior. However the package metadata declares no required credentials or binaries, while the code and SKILL.md clearly require Bilibili cookies (SESSDATA, bili_jct) and call the 'openclaw' CLI for notifications. Not declaring those requirements in metadata is an incoherence a user should notice.
Instruction Scope
SKILL.md and README explicitly instruct the user to provide SESSDATA and bili_jct (via local save or GitHub Actions secrets) and to create cron/tasks. The runtime scripts read and write a .cookies.json in the skill repo location and also try to reuse a sibling bilibili-live-checkin .cookies.json — i.e., the skill will look for and reuse cookies saved by other skills. The runtime instructions therefore request access to sensitive account cookies and to create scheduled autonomous runs; these actions are necessary for the stated purpose but expand scope (credential storage, scheduled autonomous runs) and are not reflected in the metadata.
Install Mechanism
No install spec / no external downloads — the skill is instruction + Python scripts (zero external dependencies). That lowers supply-chain risk compared to fetching arbitrary binaries. The presence of multiple scripts in the bundle is consistent with its feature set.
Credentials
The skill's metadata lists no required environment variables or primary credential, yet the code and documentation require and use SESSDATA and bili_jct (Bilibili authentication cookies). The code stores these cookies in a local .cookies.json file and will also read cookies from a sibling bilibili-live-checkin path. Additionally, the scripts call an external CLI ('openclaw') for notifications but the binary is not declared as required. Asking for persistent account cookies / reusing other skills' cookie files without declaring them is a proportionality and transparency issue.
Persistence & Privilege
always:false (good), but model invocation is enabled (the default), and SKILL.md recommends cron/automated runs and GitHub Actions. Combined with stored authentication cookies this lets the skill run autonomously and perform account actions (danmaku, heartbeats, likes) on the user's behalf. The heartbeat script also sends an outbound notification via the openclaw CLI to a hard-coded Discord target id; if the openclaw CLI exists and is configured, that leaks a signal of activity (and possibly timing) to a third party. These behaviors increase the blast radius and deserve explicit user review.
What to consider before installing
What to check before installing or running this skill:
- The skill requires your Bilibili login cookies (SESSDATA and bili_jct) to operate, but the package metadata does not declare those credentials. Do not provide cookies unless you trust the code and author.
- The scripts will save cookies to a local .cookies.json inside the skill/repo path and will also try to read cookies from a sibling bilibili-live-checkin directory — this means the skill can reuse credentials saved by other skills. If you store cookies there, they become usable by this skill too.
- The heartbeat script can run automatically (cron / GitHub Actions / OpenClaw cron) and will use those cookies to send danmaku, call mobileHeartBeat endpoints, and perform likes/coins/favs if configured. Consider whether you want an automated process to have persistent access to your account.
- The heartbeat script calls the OpenClaw CLI to send notifications to a hard-coded Discord target (via openclaw message send). If you have an openclaw binary configured it may notify an external recipient about activity. If you do not want outbound notifications, ensure openclaw is not present or inspect/modify the code to remove _notify calls.
- If you plan to use GitHub Actions as the README suggests, put SESSDATA and bili_jct into your repository Secrets (not in plaintext files). Understand that Actions running in GitHub will use those secrets to operate — review the workflow file before enabling.
- If you decide to proceed, review the included Python files line-by-line (mobileHeartBeat signing, endpoints, any network calls), and consider running them in a controlled environment or under a throwaway account first. Remove or modify any notification/subprocess calls you don't want.
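The line-by-line review above can be started mechanically. The script below is an added example (not code from the A-SOUL skill and not ClawHub's scanner): it parses every .py file in a downloaded skill directory with Python's ast module and reports the behaviours the scan calls out, i.e. outbound network imports and calls, subprocess/CLI invocations (such as an openclaw notification with its argv), string constants that reference SESSDATA, bili_jct or .cookies.json, and path escapes out of the skill directory (`.parent.parent` or `../`, the sibling-cookie-reuse pattern). The embedded sample skill is constructed for the demo in the shape the scan describes; its endpoint URL and Discord target id are placeholders, not the real skill's values.

```python
# Added example (not code from the A-SOUL skill or ClawHub): static triage of a
# skill bundle's Python scripts for the behaviours the scan flags, stdlib only.
import ast
import pathlib
import tempfile
from dataclasses import dataclass

NETWORK_ROOTS = {"urllib", "http", "requests", "socket", "httpx", "aiohttp"}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                    "subprocess.check_call", "subprocess.check_output", "os.system", "os.popen"}
CREDENTIAL_HINTS = ("SESSDATA", "bili_jct", ".cookies.json")


@dataclass(frozen=True)
class Finding:
    category: str  # network-import | network-call | subprocess | url | credential | path-escape
    file: str
    line: int
    detail: str


def _dotted(node):
    """'subprocess.run' for Name/Attribute chains; None when the chain starts with a call etc."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _argv_preview(call):
    """First argument of a subprocess-style call as text; non-literal parts become <expr>."""
    if not call.args:
        return "<no args>"
    first = call.args[0]
    elts = first.elts if isinstance(first, ast.List) else [first]
    return " ".join(e.value if isinstance(e, ast.Constant) and isinstance(e.value, str) else "<expr>"
                    for e in elts)


def audit_source(src, filename="<skill>"):
    """Findings for one Python source text."""
    findings = []

    def add(cat, node, detail):
        findings.append(Finding(cat, filename, node.lineno, detail))

    for node in ast.walk(ast.parse(src, filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_ROOTS:
                    add("network-import", node, alias.name)
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in NETWORK_ROOTS:
                add("network-import", node, node.module)
        elif isinstance(node, ast.Call):
            name = _dotted(node.func) or ""
            if name in SUBPROCESS_CALLS:
                add("subprocess", node, f"{name}({_argv_preview(node)})")
            elif name.split(".")[0] in NETWORK_ROOTS:
                add("network-call", node, name)
        elif isinstance(node, ast.Attribute):
            # x.parent.parent walks out of the skill directory: the sibling-cookie-reuse pattern
            if node.attr == "parent" and isinstance(node.value, ast.Attribute) and node.value.attr == "parent":
                add("path-escape", node, ast.unparse(node))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value
            if text.startswith(("http://", "https://", "ws://", "wss://")):
                add("url", node, text)
            if any(hint in text for hint in CREDENTIAL_HINTS):
                add("credential", node, text)
            if text.startswith("../") or "/../" in text:
                add("path-escape", node, text)
    return findings


def audit_bundle(root):
    """Audit every .py file under root (a downloaded skill directory)."""
    findings = []
    for path in sorted(pathlib.Path(root).rglob("*.py")):
        findings.extend(audit_source(path.read_text(encoding="utf-8"), path.name))
    return findings


# Constructed sample in the shape the scan describes; URL and target id are placeholders.
SAMPLE_SKILL = '''\
import json, subprocess, urllib.request
from pathlib import Path

COOKIE_FILE = Path(__file__).parent / ".cookies.json"
SIBLING = Path(__file__).parent.parent / "bilibili-live-checkin" / ".cookies.json"

def load_cookies():
    path = COOKIE_FILE if COOKIE_FILE.exists() else SIBLING
    return json.loads(path.read_text())

def heartbeat(cookies):
    url = "https://api.example.invalid/heartbeat"
    req = urllib.request.Request(url, headers={"Cookie": "SESSDATA=" + cookies["SESSDATA"]})
    return urllib.request.urlopen(req).read()

def _notify(text):
    subprocess.run(["openclaw", "message", "send", "--target", "000000000000000000", text])
'''


def demo():
    """Write the sample skill into a temp dir, audit it as a bundle, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        pathlib.Path(tmp, "heartbeat.py").write_text(SAMPLE_SKILL, encoding="utf-8")
        return audit_bundle(tmp)


if __name__ == "__main__":
    for f in sorted(demo(), key=lambda f: (f.file, f.line)):
        print(f"{f.file}:{f.line} [{f.category}] {f.detail}")
```

Run it against the unzipped skill with `audit_bundle("path/to/skill")` and read every `subprocess` and `path-escape` finding before deciding whether to provide cookies; a clean report is not proof of safety (dynamic code, obfuscated strings and non-Python helpers are out of scope), but a `subprocess` line naming an external CLI or a `path-escape` reaching a sibling directory is exactly the mismatch the scan describes and should be resolved before any cookie is stored.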
Why I'm suspicious: the core functionality is coherent, but the project hides required sensitive inputs and an outbound notification mechanism (openclaw→Discord) while not declaring them in metadata. That mismatch could be accidental/poor packaging or a deliberate omission. Review the code and deployment choices before granting credentials or enabling automated runs.
Like a lobster shell, security has layers: review code before you run it.
Tags: asoul, automation, bilibili, checkin, fan-medal, github-actions, heartbeat, latest, vtuber
