bilibili-subtitle-downloader
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill stores Bilibili session cookies and credentials in
~/.openclaw/workspace/bilibili_cookie.txtandbilibili_cheese_session.json. These sensitive tokens are kept for persistent access but represent a risk of exposure if the local environment is compromised. - [COMMAND_EXECUTION]: The skill executes Python scripts (
download_and_chunk.pyandcheese_downloader.py) to handle data retrieval and processing. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes external subtitle data and includes it in prompts for a sub-agent.
- Ingestion points: Subtitles are fetched from Bilibili via the
requestsandaiohttplibraries. - Boundary markers: Basic headers are used in the summarization prompt (e.g., '字幕文件:'), but there are no strict delimiters or security instructions provided to the sub-agent to ignore embedded commands.
- Capability inventory: File writing, network requests to Bilibili APIs, and subprocess execution.
- Sanitization: No sanitization of the fetched subtitle content is performed before interpolation into the LLM prompt.
Audit Metadata