stream-clipper

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The Node.js CLI entry point (bin/cli.js) is vulnerable to shell command injection. It uses execSync to execute Python scripts by interpolating user-provided arguments (like URLs and file paths) directly into a command string. Although some arguments are wrapped in double quotes, an attacker can escape these using shell metacharacters (e.g., backticks, subshells, or command chaining characters) provided in the URL or output path arguments.
  • [CREDENTIALS_UNSAFE] (HIGH): Multiple scripts (scripts/query_video_stats.py, scripts/upload_clip.py) and the configuration file (config/streamer_templates.yaml) reference and read from cookies.json. This file contains sensitive Bilibili session data (SESSDATA, DedeUserID). Unauthorized access to this file would allow an attacker to hijack the user's Bilibili account. The skill's architecture relies on the presence of these raw credentials in the local filesystem without encryption or secure storage.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill possesses a high-risk vulnerability surface (Category 8). It ingests untrusted data from external sources including Bilibili/YouTube metadata, XML Danmaku (user comments), and transcribed subtitles.
    • Ingestion Points: scripts/download_stream.py (API/Web), scripts/analyze_danmaku.py (XML parsing).
    • Capability Inventory: High-privilege actions including subprocess execution, file writing, and network uploads to Bilibili via the biliup library.
    • Evidence: The skill uses automated analysis of user-generated content (danmaku/subtitles) to make decisions about video clipping and title generation. An attacker could embed instructions in live stream comments to influence the clipper's behavior or exfiltrate data via the title/description fields during the upload phase.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The package.json file includes a postinstall hook that executes node scripts/setup.js, which in turn executes pip install -r requirements.txt. While common for development tools, this pattern installs unverifiable third-party dependencies from external registries at installation time without integrity checks (hashes).
  • [DATA_EXFILTRATION] (MEDIUM): scripts/query_video_stats.py reads local session cookies and sends them to api.bilibili.com. While functionally necessary for the tool's purpose, this pattern represents a risk if the target domain were to be manipulated or if a proxy were injected.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:57 PM