Is jianguo99/bilibili-update-viewer safe?

https://github.com/openclaw/skills/tree/main/skills/jianguo99/bilibili-update-viewer

89
SAFE

This skill appears to be a legitimate tool for checking Bilibili content creator updates, with functionality that matches its description. The primary security concern is the requirement for user authentication cookies, which poses a moderate risk if compromised. The code appears benign and focused on its stated purpose.

Category Scores

Prompt Injection 95/100 (weight 30%)
Data Exfiltration 80/100 (weight 25%)
Code Execution 85/100 (weight 20%)
Clone Behavior 95/100 (weight 10%)
Canary Integrity 100/100 (weight 10%)
Behavioral Reasoning 80/100 (weight 5%)

Findings (4)

MEDIUM Requires User Authentication Cookies -15

The skill requires users to provide their Bilibili.com authentication cookies via the BILIBILI_COOKIES environment variable. While this is necessary for the skill's functionality, it represents a security risk if the cookies are leaked or misused, since they carry the user's logged-in session.

LOW Executable Python Code with Network Requests -10

The skill contains Python code that makes HTTP requests to external Bilibili API endpoints. While the code appears legitimate, any executable code that reaches the network is a risk surface that warrants review.

LOW Local Data Caching -10

The skill creates and maintains a local cache file (user_cache.json) to store user information; depending on what is written to it, this file could contain sensitive data.

LOW External API Communication -5

The skill makes requests to external Bilibili API endpoints using the user's credentials, so those requests could be intercepted or logged in transit or on the remote side.