Skill v1.0.2

ClawScan security

b站视频自动生成高质量图文笔记自动截图并上传至Notion笔记 (Automatically generate high-quality illustrated notes from Bilibili videos, with automatic screenshots uploaded to Notion) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 12, 2026, 3:46 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (convert Bilibili subtitles into Notion learning notes) is reasonable and mostly implemented, but there are multiple inconsistencies and unsafe patterns (undeclared required credentials, mixed responsibilities between model and scripts, and shell-invocation risks) that make it suspicious until clarified.
Guidance
Summary of what to consider before installing/running:
1) Credentials: The registry lists no required env vars, but the code and docs require NOTION_API_KEY (and usually NOTION_DATABASE_ID). Do not hand your Notion token to untrusted code. Prefer an integration token scoped to the minimum pages/databases it needs, and test in a throwaway workspace.
2) Clarify processing responsibility: SKILL.md says the model should do the subtitle processing, but the scripts still call process_subtitles.py and expect JSON output from it. Ask the author which component does the processing and confirm what will be run automatically.
3) Command-injection risk: Several workflow scripts build shell command strings from user-provided inputs and run them with shell=True (e.g., bilibili_to_notion_workflow.py). If you run this skill locally, do not feed it untrusted inputs (video URLs, titles, output paths). Run it inside a restricted environment (container/VM) and inspect inputs for shell metacharacters such as quotes, semicolons and newlines. The maintainer should drop shell=True and pass arguments as a list.
4) Notion uploads and file handling: The code uploads local images to Notion by posting to an upload_url returned by Notion. This is the expected flow for file uploads, but verify that the scripts only talk to Notion endpoints, and understand the size/privacy implications: screenshots are uploaded to Notion and become accessible to everyone in that workspace.
5) Bilibili login: Some videos require login/cookies. The skill may ask you to log in or supply cookies; avoid giving it long-lived account credentials unless necessary. Prefer public videos or short-lived, per-run authentication.
6) Before running: Review the scripts in a safe environment; do a dry run against a test Notion workspace; check whether process_subtitles.py is actually used (and read what it does). Replace shell=True calls with argument lists, or at least run the workflow script in a container.
If you want, I can: (a) list the exact lines that use shell=True and construct unsafe commands, (b) point to every place token/paths are interpolated into shell strings, or (c) suggest concrete code fixes to remove shell=True and sanitize inputs.
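The shell=True pattern flagged in item 3, beside the argument-list form the review recommends, as an added example that is not code from the skill. It uses echo in place of the BBDown binary so nothing is downloaded, and the BV-id format (BV plus ten alphanumerics) and the URL shape it accepts are assumptions:

```python
"""Added example (not the skill's code): the shell=True pattern the review
flags, next to a hardened version. `echo` stands in for the BBDown binary so
nothing is downloaded; the BV-id format and URL shape are assumptions."""
import re
import subprocess

# Constructed malicious "video URL": a BV id followed by a second shell command.
MALICIOUS_URL = "https://www.bilibili.com/video/BV1GJ411x7h7; echo INJECTED"

# Assumed Bilibili id format: "BV" followed by 10 alphanumerics.
_BV_RE = re.compile(r"^BV[0-9A-Za-z]{10}$")
_URL_RE = re.compile(r"^https://(www\.)?bilibili\.com/video/(BV[0-9A-Za-z]{10})/?$")


def run_unsafe(url: str) -> str:
    """The flagged pattern: interpolate user input into a string, run it via the shell."""
    cmd = f"echo {url}"  # in the skill this would be the BBDown command line
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(url: str) -> str:
    """Hardened: argv list and no shell, so metacharacters stay inside one argument."""
    argv = ["echo", url]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def canonical_video_id(user_input: str) -> str:
    """Validate user input before it reaches any command; return the bare BV id."""
    s = user_input.strip()
    if _BV_RE.match(s):
        return s
    m = _URL_RE.match(s)
    if m:
        return m.group(2)
    raise ValueError(f"not a Bilibili video id/URL: {user_input!r}")


def was_injected(stdout: str) -> bool:
    """True if the payload ran as its own command (INJECTED appears on its own line)."""
    return "INJECTED" in stdout.splitlines()


if __name__ == "__main__":
    print("unsafe injected:", was_injected(run_unsafe(MALICIOUS_URL)))  # True
    print("safe injected:  ", was_injected(run_safe(MALICIOUS_URL)))    # False
    try:
        canonical_video_id(MALICIOUS_URL)
    except ValueError as e:
        print("rejected:", e)
```

Run it directly to see the shell form execute the injected echo while the list form prints the whole string as a single argument. The validation step belongs in front of both: an argv list stops injection into the shell, but a value beginning with "-" could still be read as a flag by the invoked program, so only values matching the expected id/URL shape should be passed through.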
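A host check for the upload_url mentioned in item 4, as an added example that is not the skill's code. The allowed hosts (api.notion.com and notion.so with its subdomains) and the shape of the constructed response are assumptions about the Notion file-upload API; the point is to use a real URL parser rather than a substring match before POSTing screenshot bytes anywhere:

```python
"""Added example (not the skill's code): refuse to POST screenshot bytes to an
upload_url unless it parses as an https URL on a Notion host. Allowed hosts and
the response shape are assumptions."""
from urllib.parse import urlsplit

# Assumed allowlist: exact API host, plus notion.so and its subdomains.
ALLOWED_EXACT = {"api.notion.com", "notion.so"}
ALLOWED_SUFFIXES = (".notion.so",)

# Constructed stand-in for the JSON Notion returns when a file upload is created.
CONSTRUCTED_RESPONSE = {
    "id": "00000000-0000-0000-0000-000000000000",
    "upload_url": "https://api.notion.com/v1/file_uploads/00000000-0000-0000-0000-000000000000/send",
}


def is_trusted_upload_url(url: str) -> bool:
    """True only for https URLs whose host is a Notion host.

    urlsplit() gives the real host, so userinfo tricks
    ("https://api.notion.com@evil.example/"), look-alike suffixes
    ("notion.so.evil.example") and non-https schemes are all rejected.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None:  # reject any "user@host" form outright
        return False
    host = (parts.hostname or "").lower()  # hostname strips port and userinfo
    if not host:
        return False
    return host in ALLOWED_EXACT or any(host.endswith(s) for s in ALLOWED_SUFFIXES)


def upload_target(response: dict) -> str:
    """Extract upload_url from a create-upload response, refusing untrusted hosts."""
    url = response.get("upload_url")
    if not isinstance(url, str) or not is_trusted_upload_url(url):
        raise ValueError(f"refusing to upload to untrusted url: {url!r}")
    return url


if __name__ == "__main__":
    print(upload_target(CONSTRUCTED_RESPONSE))
    for bad in ("http://api.notion.com/x", "https://api.notion.com@evil.example/",
                "https://notion.so.evil.example/", "https://evil.example/?u=notion.so"):
        print(bad, "->", is_trusted_upload_url(bad))  # all False
```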

Review Dimensions

Purpose & Capability
note: The code and documentation implement exactly the advertised functionality (download Bilibili subtitles, extract screenshots, upload to Notion, create structured notes). However, the registry metadata declares no required environment variables or primary credential, while SKILL.md, CONFIGURATION.md and the scripts clearly require a Notion API token (NOTION_API_KEY) and often a database id (NOTION_DATABASE_ID). This mismatch is an incoherence that should be fixed before trusting the skill.
Instruction Scope
concern: SKILL.md instructs the language model to perform the full subtitle processing (reading entire subtitle files, adding screenshot markers, producing JSON/Markdown). But several scripts (e.g., bilibili_to_notion.py, bilibili_to_notion_workflow.py) still call a local process_subtitles.py and other local scripts, so the division of responsibility between model and code is inconsistent. More importantly, the runtime instructions and scripts accept user-supplied strings and embed them in shell commands and CLI arguments, which leads to command injection if the inputs are not sanitized.
Install Mechanism
ok: There is no automated install spec in the registry (instruction-only). SKILL.md recommends fetching BBDown from its GitHub Releases page and installing ffmpeg via the system package manager; both are standard and come from the expected sources. No obscure download hosts or archive-extraction installs appear in the provided materials.
Credentials
concern: Although the registry metadata claims no required env vars, the documentation and scripts require a Notion API token (NOTION_API_KEY) and often a database id (NOTION_DATABASE_ID), and may also accept the token via CLI arguments (which exposes it in process listings and shell history). A single Notion token is proportionate for a Notion integration, but its omission from the metadata is an inconsistency. The workflow notes also mention optional BBDown login/cookies for downloading some videos; this is expected, but it means the skill may require an additional secret (Bilibili cookies) in some cases. Overall the required credentials are not excessive for the stated purpose, but their absence from the declared requirements is a red flag.
Persistence & Privilege
ok: The skill does not request always:true or other elevated runtime privileges. It is not force-included, and it does not attempt to modify other skills or system-wide configs in the provided files.