← 返回 Skills 市场
Bilibili Subtitle Downloader
作者
达芬奇_Davinci
· GitHub ↗
· v1.0.0
4332
总下载
3
收藏
33
当前安装
1
版本数
在 OpenClaw 中安装
/install bilibili-subtitle-download-skill
功能描述
下载 Bilibili 视频字幕,将其进行分块以供 LLM(大语言模型)处理,并生成高质量的总结。当用户提供 Bilibili BV 号或 URL,并希望获取视频内容的总结、核心要点或详细的分解时使用。
安全使用建议
Review before installing. Only scan the Bilibili QR code in a workspace you trust, because the skill saves reusable account cookies locally. After use, consider deleting ~/.openclaw/workspace/bilibili_cookie.txt and bilibili_cheese_session.json, and avoid passing untrusted or malformed video IDs.
功能分析
Type: OpenClaw Skill
Name: bilibili-subtitle-download-skill
Version: 1.0.0
The skill is classified as suspicious due to a path traversal vulnerability present in both `scripts/download_and_chunk.py` and `scripts/cheese_downloader.py`. The scripts use unsanitized user-provided IDs (BV_ID, EP_ID) directly in `os.path.join` when constructing output directory paths (e.g., `bili_temp/<ID>/`), which could allow an attacker to write files to arbitrary locations on the filesystem. While the skill transparently handles and saves Bilibili login cookies to the OpenClaw workspace, this is a sensitive operation that, combined with the path traversal, could pose a higher risk, though the primary intent of the cookie saving itself is not malicious.
能力评估
Purpose & Capability
Downloading and chunking Bilibili subtitles is coherent with the stated purpose, and the body does disclose BV and Cheese SS/EP workflows. The authenticated course access and account login are purpose-adjacent but materially more sensitive than the short description suggests.
Instruction Scope
The instructions run bundled Python scripts and use a summarization prompt over generated subtitle chunks. I did not find hidden role changes, destructive commands, or autonomous background behavior.
Install Mechanism
The artifact has no installer or lockfile, but the scripts depend on third-party Python packages such as bilibili_api, qrcode, aiohttp, and requests. That is not malicious, but users cannot verify dependency versions from the artifact alone.
Credentials
Network calls to Bilibili APIs and writing subtitle chunks under bili_temp are proportionate for this downloader. The scripts also fetch subtitle URLs returned by Bilibili without allowlisting destination hosts, which is a validation weakness rather than evidence of exfiltration.
Persistence & Privilege
The skill persists Bilibili session cookies in ~/.openclaw/workspace/bilibili_cookie.txt and also writes bilibili_cheese_session.json in the working directory. The Cheese session file persistence is not clearly disclosed in the skill text, and neither path has permission hardening, retention limits, or cleanup instructions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install bilibili-subtitle-download-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/bilibili-subtitle-download-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the bilibili-subtitle-downloader skill.
- Supports downloading and chunking Bilibili video subtitles using Python scripts.
- Handles both regular videos (BV ID) and Bilibili courses/episodes (SS/EP ID).
- Provides QR code-based login for authentication when required.
- Outputs chunked subtitle files for easy processing and summarization.
- Includes recommended prompt template for generating accurate and structured summaries from subtitle chunks.
元数据
常见问题
Bilibili Subtitle Downloader 是什么?
下载 Bilibili 视频字幕,将其进行分块以供 LLM(大语言模型)处理,并生成高质量的总结。当用户提供 Bilibili BV 号或 URL,并希望获取视频内容的总结、核心要点或详细的分解时使用。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 4332 次。
如何安装 Bilibili Subtitle Downloader?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install bilibili-subtitle-download-skill」即可一键安装,无需额外配置。
Bilibili Subtitle Downloader 是免费的吗?
是的,Bilibili Subtitle Downloader 完全免费(开源免费),可自由下载、安装和使用。
Bilibili Subtitle Downloader 支持哪些平台?
Bilibili Subtitle Downloader 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Bilibili Subtitle Downloader?
由 达芬奇_Davinci(@davincievans)开发并维护,当前版本 v1.0.0。
推荐 Skills