Trust Assessment
bilibili-monitor received a trust score of 23/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 1 critical, 1 high, 5 medium, and 1 low severity. Key findings include "Network egress to untrusted endpoints", "Suspicious import: requests", and "Unpinned Python dependency version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. Python requests POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/jacobzwj/bilibili-hot-monitor/generate_report.py:47 |
| HIGH | Potential Command Injection via User Input in Heredoc. The skill constructs a shell command using `cat` and a heredoc to create `bilibili-monitor.json`. User-provided sensitive inputs (e.g., Bilibili Cookies, OpenRouter API Key, Gmail App Password, Recipient Emails) are intended to be substituted into this heredoc. If the AI agent performs direct string substitution without proper shell escaping or JSON escaping, a malicious user input containing shell metacharacters (e.g., `"; rm -rf /; echo "`) or JSON-breaking characters could lead to arbitrary command execution or malformed configuration. The AI agent should use a safer method to create configuration files, such as a dedicated Python script that uses `json.dump` to serialize user inputs, ensuring proper JSON escaping and preventing shell injection. If shell commands are necessary, all user-provided variables must be rigorously sanitized and shell-escaped before inclusion. | LLM | SKILL.md:96 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jacobzwj/bilibili-hot-monitor/bilibili_api.py:23 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jacobzwj/bilibili-hot-monitor/bilibili_subtitle.py:10 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jacobzwj/bilibili-hot-monitor/generate_report.py:21 |
| MEDIUM | Unpinned Python dependency version. Requirement 'requests>=2.28.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jacobzwj/bilibili-hot-monitor/requirements.txt:1 |
| MEDIUM | Collection and Local Storage of Sensitive Credentials. The skill explicitly prompts the user for highly sensitive credentials including Bilibili cookies (SESSDATA, bili_jct, buvid3, DedeUserID), an OpenRouter API Key, and Gmail sender email with an application password. These credentials are then stored in plaintext within a local JSON configuration file (`bilibili-monitor.json`). While the skill states these are stored locally and excluded by `.gitignore`, storing such sensitive information in a file, even locally, increases the risk of exposure if the file system is compromised or if the file is inadvertently accessed or exfiltrated by other processes. Advise users about the risks associated with storing sensitive credentials in local files. Recommend using more secure credential management solutions (e.g., OS-level secret stores, environment variables for ephemeral use, or encrypted configuration files) instead of plaintext files. Ensure the configuration file has strict file system permissions. | LLM | SKILL.md:40 |
| LOW | Unpinned Dependency Version. The `requirements.txt` file specifies `requests>=2.28.0`. While this ensures a minimum version, it does not pin the dependency to an exact version. This can lead to non-reproducible builds, unexpected behavior, or potential compatibility issues if a newer version of `requests` introduces breaking changes or security vulnerabilities that are not immediately identified. Pin all dependencies to exact versions (e.g., `requests==2.31.0`) to ensure consistent and reproducible environments. Regularly update and review dependencies for security patches. | LLM | requirements.txt:1 |
| INFO | Transmission of User Data to Third-Party AI and Email Services. The skill's core functionality involves sending user-related data to external services. Specifically, video subtitle content (derived from Bilibili) and video titles are transmitted to `openrouter.ai` for AI summarization. Additionally, the generated report, which contains these summaries, is sent via email using SMTP to user-specified recipient addresses. While this is the intended behavior of the skill, users should be explicitly aware that their data is being processed and transmitted by third-party services. Clearly state in the skill's documentation or during setup that video content (via subtitles) will be sent to OpenRouter for processing and that the generated report will be emailed to specified recipients. Provide links to the privacy policies of these third-party services if possible. | LLM | generate_report.py:50 |