Skills
skills/dreammis/social-auto-upload/bilibili-upload/Gen Agent Trust Hub

bilibili-upload

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation in references/runtime-requirements.md and references/troubleshooting.md recommends using https://gh-proxy.com/ to download binaries. This specific URL has been flagged by security scanners as malicious or phishing. Downloading executable files through an untrusted or flagged proxy poses a severe risk of Man-in-the-Middle (MitM) attacks and binary substitution.- [REMOTE_CODE_EXECUTION]: The skill is designed to automatically download and update the biliup executable from GitHub Releases at runtime. Executing binaries fetched from the internet without integrity verification (like checksums) is a high-risk pattern.- [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/examples/bilibili_cli_template.py and provides shell/PowerShell scripts to execute the sau CLI and the downloaded biliup binary. This allows for arbitrary command execution within the agent environment.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 28, 2026, 03:32 AM