ClawHub

Bilibili Video Summarizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it asks users to expose and persist a live Bilibili session cookie while understating the account-security risk.

Install only if you trust the local agent environment and are comfortable using a Bilibili session cookie. Prefer manually creating the cookie file yourself with restrictive permissions instead of pasting SESSDATA into chat, use a low-risk account if possible, and revoke or rotate the session after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill's declared behavior omits sensitive operations, especially handling a local authentication cookie, while also advertising functionality not actually implemented in the skill itself. This mismatch undermines informed consent and can cause the agent or user to expose credentials or run actions they would not have authorized if the true behavior were clearly disclosed.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The statement that the cookie is 'never sent elsewhere' is misleading because the whole purpose of the cookie is to be attached to authenticated requests to Bilibili. Users may disclose a valid session token under a false sense of safety, which weakens informed consent and can lead to credential misuse if the agent, logs, or integrations handle it insecurely.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
Claiming the cookie does not give the agent control of the account overstates safety and understates the power of an authenticated session cookie. Even if the intended use is subtitle access, a valid SESSDATA token can often authorize other actions available to the logged-in session, so this wording may mislead users into handing over credentials with broader account impact than described.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs collection and storage of the user's Bilibili session cookie, which is an authentication credential equivalent to account access, without any warning about sensitivity, scope, retention, or risk. In this context, the missing privacy and credential-handling safeguards make accidental account compromise or unauthorized reuse significantly more likely.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script reads and uses a persistent Bilibili cookie file containing authenticated session material (such as SESSDATA) without any explicit user warning, consent flow, or guidance about the privacy and account-security implications. In this skill context, that is more dangerous because the tool is meant to be triggered automatically for summarization tasks, so users may not realize an authenticated credential is being consumed and sent to a third-party downloader process.

Ssd 3

High
Confidence
99% confidence
Finding
The instructions explicitly tell the user to extract the SESSDATA cookie from the browser console and paste it back for storage, directly exposing a live authentication token. If intercepted, logged, or mishandled, that cookie can allow account hijacking and unauthorized access to the user's Bilibili session, making this especially dangerous in an agent/chat environment where transcripts may persist.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal