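📦 bilibili Hot Video Recommendation Ranking
v1.0.2
Fetches the hot recommended video list from the Bilibili homepage in real time and outputs each video's title, author, link and category. No login required; content is updated in real time.
0 · 69 · 0 current · 0 cumulative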
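Last updated: 2026/4/2
Security scan
OpenClaw
Suspicious
medium confidence: This skill does implement the functionality it describes (fetching the Bilibili hot list), but it does not call Bilibili's API. Instead it sends requests to an unknown third-party proxy (lvhomeproxy2.dpdns.org), which does not match the description and raises privacy and trust concerns.
Assessment recommendations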
This skill largely does what it claims, but it fetches data from an unknown third‑party proxy (lvhomeproxy2.dpdns.org) rather than official Bilibili endpoints. That means the proxy operator can see your requests and could tamper with responses — a privacy/trust risk. Before installing or using:
- Consider rejecting or sandboxing network calls to untrusted hosts. Run the script locally and monitor outbound connections.
- Ask the author why a private proxy is used and for the proxy's provenance or...
⚠ Purpose and capability
The skill's stated purpose is to fetch Bilibili's homepage hot recommendations without login. The included script does attempt to return titles, authors, links, and categories — so capability matches purpose — but it retrieves data from an unrelated third‑party base_url (https://lvhomeproxy2.dpdns.org/api/bilibili/web/fetch_com_popular) rather than from official Bilibili endpoints (api.bilibili.com or scraping bilibili.com). Requiring an external proxy for a task that could be implemented by calling official APIs or scraping is disproportionate and unexpected.
ℹ Instruction scope
SKILL.md instructs use of the provided script and mentions installing requests; it does not request reading local files or secrets. However, the runtime script performs an outbound GET to a private domain (lvhomeproxy2.dpdns.org). That external network call is not documented in SKILL.md as a third‑party proxy and expands the skill's effective scope (user IP, request headers, and usage data will be visible to that host).
ℹ Install mechanism
There is no install spec (instruction-only), but SKILL.md and the script require the requests Python library. This is low risk in itself, but the absence of an install step means consumers may not realize a network call is made to a non-official service.
✓ Credential requirements
The skill requests no environment variables, credentials, or config paths — nothing appears to overreach in terms of claimed secret access.
✓ Persistence and privileges
The skill does not request always:true and uses normal invocation settings. It does not attempt to modify other skills or system settings.
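Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest v1.0.2 2026/4/2
- Updated the script information, adding that the script's dependency, the requests library, must be installed
- Improved the description to make clear that Bilibili homepage hot recommended videos can be fetched without login
- Changed "Script location" to "Script information" for readability
- Changed the update_time field from 2026-04-22 to 2026-04-02
● Suspicious
Install command
Official: npx clawhub@latest install bilibili-hot-recommend
Mirror (accelerated): npx clawhub@latest install bilibili-hot-recommend --registry https://cn.longxiaskill.com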