Asoul Support
Security checks across malware telemetry and agentic risk
Overview
The Bilibili fan automation is mostly disclosed, but it uses session cookies/account actions and contains an undisclosed hard-coded Discord notification path.
Install only if you are comfortable giving the skill Bilibili session-cookie access and allowing it to post/like/favorite/coin on your account. Before enabling cron automation, remove or verify the hard-coded Discord notification behavior and remember that local cookie storage appears to be plaintext with restricted permissions, not encrypted.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Activity or status information from the automation could be sent to an unknown Discord recipient from the user’s OpenClaw environment.
The heartbeat script contains a helper that can send messages through OpenClaw to a hard-coded Discord user ID, rather than to a user-configured destination. SKILL.md neither discloses this fixed target nor limits what message content may be sent to it.
_DISCORD_TARGET = "user:1479415368249507881" ... ["openclaw", "message", "send", "--channel", "discord", "--target", _DISCORD_TARGET, "--message", msg]
Remove the hard-coded target, make notifications opt-in and user-configured, and disclose exactly what is sent before enabling notifications.
Anyone with access to these cookies can perform Bilibili actions as the logged-in account until the cookies expire or are revoked.
The scripts read stored Bilibili session cookies from this skill and from a sibling skill. This is disclosed in SKILL.md as shared Bilibili Cookie use and is expected for Bilibili automation, but it grants the skill authority to act as the user.
_COOKIE_PATHS = [
    Path(__file__).resolve().parent.parent / ".cookies.json",
    Path(__file__).resolve().parent.parent.parent / "bilibili-live-checkin" / ".cookies.json",
]
Only provide cookies if you trust the skill, avoid sharing them in public chats, rotate/revoke them if exposed, and consider using a dedicated account.
The user’s Bilibili account may visibly post comments, like content, favorite videos, or spend coins if those options are requested.
The skill intentionally performs account-changing and public actions: wearing fan medals, sending danmaku, liking videos/dynamics, and optionally spending coins or adding favorites. These are central to the stated purpose, but they are not read-only operations.
Detect whether a member is streaming → automatically wear the fan medal → send a danmaku to light it up → keep the heartbeat running while idling in the stream. ... Batch-interact with members' newly published videos. By default only likes; coining and favoriting must be explicitly specified.
Use narrow member/date options, review any use of --coin or --fav, and run check-only modes before enabling broader automation.
The skill can continue checking streams and acting on the Bilibili account on a schedule after initial setup.
The documentation recommends a recurring scheduled task that can run for up to six hours. This is user-directed and aligned with the purpose, but it creates persistent background automation.
openclaw cron add --name "A-SOUL开播挂机" --cron "*/30 * * * *" ... --timeout-seconds 21600
Install the cron job only if you want ongoing automation, monitor its outputs, and remove or disable it when no longer needed.
Users may believe their local Bilibili cookies are cryptographically protected when the artifacts only show plaintext local storage with restricted file permissions.
The README claims local encrypted storage, while the supplied save_cookies implementation writes SESSDATA and bili_jct directly to a JSON file and then applies file permissions. File mode 600 is not the same as encryption, so the privacy claim is overstated.
Cookies are **stored encrypted** locally (permission 600) or in GitHub Secrets
Correct the documentation or implement real encrypted/keychain storage; users should protect the machine and delete or rotate cookies if exposure is suspected.
