Skill v1.0.2

VirusTotal security

Automatically generate high-quality illustrated notes from Bilibili videos, with automatic screenshots, and upload them to Notion · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review Apr 30, 2026, 6:01 AM
Hash
7e017f2ad44041dba7958347e8a775b8eaa47abdbce33887f415b0d1660c4ad3
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: bilibili-cc-to-notion
Version: 1.0.2

The skill bundle contains a critical security vulnerability in `bilibili_to_notion_workflow.py`, which uses `subprocess.run(shell=True)` with f-strings to execute commands containing unsanitized user inputs (such as the video URL and Notion token). This creates a direct path for Remote Code Execution (RCE) via shell injection. Additionally, the setup instructions in `SKILL.md` and `CONFIGURATION.md` encourage downloading and executing an external binary (`BBDown`) from a remote GitHub URL, which is a risky supply-chain practice. While the code logic appears aligned with its stated purpose of creating Notion notes, these severe security flaws and high-privilege operations (shell access, network calls, and credential handling) warrant a suspicious classification.