bilibili-hub

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to invoke the ffmpeg utility for merging downloaded video and audio streams. This execution is well-guarded: the executable path is resolved via shutil.which, and the filenames derived from video titles are sanitized using a regular expression to remove directory traversal and shell-sensitive characters.
  • [EXTERNAL_DOWNLOADS]: The skill downloads media content and subtitles directly from Bilibili's infrastructure using the aiohttp library. These operations are core to the skill's functionality and target the expected domain.
  • [DATA_EXPOSURE]: Authentication credentials (SESSDATA, bili_jct, etc.) are managed through environment variables rather than being hardcoded or stored in insecure locations. The skill documentation correctly instructs the user on how to populate these variables using platform-specific tools.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 28, 2026, 11:48 AM