Security audit

Bili Collection Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed media transcription pipeline that downloads videos and writes local transcripts, with some dependency and privacy cautions but no evidence of hidden or malicious behavior.

Install only if you are comfortable with a tool that contacts Bilibili/YouTube, invokes local media tools, downloads media, and writes transcript files locally. Run it in a dedicated workspace with enough disk space, review playlist URLs first, update or pin dependencies before use, and do not use optional external LLM cleanup unless transcript content is safe to send to that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises and orchestrates network access, shelling out to external binaries, and reading/writing files, but it does not declare corresponding permissions. That mismatch is dangerous because users and any enforcement layer cannot accurately understand or constrain what the skill will do, increasing the chance of unintended downloads, command execution, or disk writes.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The usage guidance describes batch transcription but does not warn that it will download potentially large media files and write multiple transcript and progress artifacts to disk. This can surprise users, consume storage/bandwidth, and cause accidental handling of copyrighted or sensitive media in local files.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The optional LLM post-processing step suggests sending transcript content to third-party APIs without a privacy warning. Transcripts may contain personal, proprietary, or copyrighted content, so forwarding them to external providers can create confidentiality, compliance, and data-retention risks.

Unpinned Dependencies

Low
Category
Supply Chain
Content
faster-whisper>=1.1.0
requests>=2.28.0
Confidence
90% confidence
Finding
requests>=2.28.0

Known Vulnerable Dependency: requests==2.28.0 — 5 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +2 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests==2.28.0

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.