yby6-video-parser Security Report — Trusted | ClawSafe

5 /100

yby6-video-parser

视频解析与转录技能 - 支持解析抖音、快手、B站等20+平台的短视频链接，并可将视频语音内容转录为文字

This is a legitimate video parsing and transcription skill with no malicious behavior. All capabilities are properly documented in SKILL.md and match implementation.

Skill Nameyby6-video-parser

Duration50.3s

Enginepi

✓

Safe to install

No security concerns. Safe to use as documented.

Findings 1 items

Severity	Finding	Location
Low	Example API key pattern in README Doc Mismatch README.md contains 'sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' which resembles a real OpenAI/SiliconFlow key format but is clearly a placeholder `api_key=sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx` → Consider using a clearly fake placeholder like 'YOUR-API-KEY-HERE' to avoid confusion	`README.md:29`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`WRITE`	✓ Aligned	SKILL.md:write temporary files to tmp/, markdown reports to demos/
Network	`READ`	`READ`	✓ Aligned	SKILL.md:accesses video platforms and SiliconFlow API
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:ffmpeg subprocess for audio extraction, transcribe.py:130
Environment	`READ`	`READ`	✓ Aligned	SKILL.md:.env file for API keys, transcribe.py:175-195
Skill Invoke	`READ`	`READ`	✓ Aligned	Exports parse_video_by_url, process_video_transcription

1 Critical 3 High 57 findings

🔑

Critical API Key 硬编码 API 密钥

sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

README.md:29

🔑

High API Key 疑似硬编码凭证

api_key="your-siliconflow-api-key"

README.md:165

📡

High IP Address 硬编码 IP 地址

108.0.0.0

scripts/parser/bilibili.py:19

📡

High IP Address 硬编码 IP 地址

120.0.0.0

scripts/parser/twitter.py:35

🔗

Medium External URL 外部 URL

https://siliconflow.cn/

.env:2

🔗

Medium External URL 外部 URL

https://docs.siliconflow.cn/api-reference/audio

.env:6

🔗

Medium External URL 外部 URL

http://ip:8000/video/share/url/parse?url=

.env:12

🔗

Medium External URL 外部 URL

https://api.siliconflow.cn/v1/audio/transcriptions

.env:15

🔗

Medium External URL 外部 URL

https://v.douyin.com/xxxxxx

README.md:45

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/xxxx

README.md:55

🔗

Medium External URL 外部 URL

https://www.bilibili.com/video/xxxx

README.md:58

🔗

Medium External URL 外部 URL

https://v.kuaishou.com/yyyyyy

README.md:184

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/zzzzzz

README.md:185

🔗

Medium External URL 外部 URL

https://tools.thatwind.com/tool/m3u8downloader

scripts/parser/acfun.py:12

🔗

Medium External URL 外部 URL

https://www.acfun.cn/v/

scripts/parser/acfun.py:61

🔗

Medium External URL 外部 URL

https://www.bilibili.com/

scripts/parser/bilibili.py:25

🔗

Medium External URL 外部 URL

https://api.bilibili.com/x/web-interface/view?bvid=

scripts/parser/bilibili.py:37

🔗

Medium External URL 外部 URL

https://api.bilibili.com/x/player/playurl?

scripts/parser/bilibili.py:49

🔗

Medium External URL 外部 URL

https://v2.doupai.cc/topic/

scripts/parser/doupai.py:18

🔗

Medium External URL 外部 URL

https://www.iesdouyin.com/share/video/

scripts/parser/douyin.py:192

🔗

Medium External URL 外部 URL

https://www.douyin.com/jingxuan?modal_id=7555093909760789812

scripts/parser/douyin.py:220

🔗

Medium External URL 外部 URL

https://www.iesdouyin.com/share/video/7424432820954598707/?region=CN&mid=7424432976273869622&u_code=0

scripts/parser/douyin.py:226

🔗

Medium External URL 外部 URL

https://www.douyin.com/video/xxxxxx

scripts/parser/douyin.py:227

🔗

Medium External URL 外部 URL

https://www.iesdouyin.com/web/api/v2/aweme/slidesinfo/

scripts/parser/douyin.py:287

🔗

Medium External URL 外部 URL

https://haokan.baidu.com/v?_format=json&vid=

scripts/parser/haokan.py:18

🔗

Medium External URL 外部 URL

https://liveapi.huya.com/moment/getMomentContent?videoId=

scripts/parser/huya.py:25

🔗

Medium External URL 外部 URL

https://v.huya.com/

scripts/parser/huya.py:29

🔗

Medium External URL 外部 URL

https://v.kuaishou.com/

scripts/parser/kuaishou.py:24

🔗

Medium External URL 外部 URL

https://www.pearvideo.com/videoStatus.jsp?contId=

scripts/parser/lishipin.py:27

🔗

Medium External URL 外部 URL

https://www.pearvideo.com/detail_

scripts/parser/lishipin.py:32

🔗

Medium External URL 外部 URL

https://m.oasis.weibo.cn/v1/h5/share?sid=

scripts/parser/lvzhou.py:45

🔗

Medium External URL 外部 URL

https://www.meipai.com/video/

scripts/parser/meipai.py:43

🔗

Medium External URL 外部 URL

https://share.ippzone.com/ppapi/share/fetch_content

scripts/parser/pipigaoxiao.py:24

🔗

Medium External URL 外部 URL

https://file.ippzone.com/img/view/id/

scripts/parser/pipigaoxiao.py:44

🔗

Medium External URL 外部 URL

https://api.pipix.com/bds/cell/cell_comment/

scripts/parser/pipixia.py:24

🔗

Medium External URL 外部 URL

https://quanmin.hao222.com/wise/growth/api/sv/immerse

scripts/parser/quanmin.py:19

🔗

Medium External URL 外部 URL

https://kg.qq.com/node/play?s=

scripts/parser/quanminkge.py:22

🔗

Medium External URL 外部 URL

https://ci.xiaohongshu.com/notes_pre_post/

scripts/parser/redbook.py:59

🔗

Medium External URL 外部 URL

https://v.6.cn/coop/mobile/index.php?

scripts/parser/sixroom.py:27

🔗

Medium External URL 外部 URL

https://m.6.cn/v/

scripts/parser/sixroom.py:32

🔗

Medium External URL 外部 URL

https://cdn.syndication.twimg.com/tweet-result?

scripts/parser/twitter.py:28

🔗

Medium External URL 外部 URL

https://platform.twitter.com/

scripts/parser/twitter.py:38

🔗

Medium External URL 外部 URL

https://x.com/user/status/1234567890

scripts/parser/twitter.py:160

🔗

Medium External URL 外部 URL

https://twitter.com/user/status/1234567890

scripts/parser/twitter.py:161

🔗

Medium External URL 外部 URL

https://mobile.twitter.com/user/status/1234567890

scripts/parser/twitter.py:162

🔗

Medium External URL 外部 URL

https://weibo.com/2543858012/Q9pcJ4S21

scripts/parser/weibo.py:28

🔗

Medium External URL 外部 URL

https://h5.video.weibo.com/api/component?page=/show/

scripts/parser/weibo.py:38

🔗

Medium External URL 外部 URL

https://h5.video.weibo.com/show/

scripts/parser/weibo.py:40

🔗

Medium External URL 外部 URL

https://m.weibo.cn/statuses/show?id=

scripts/parser/weibo.py:75

🔗

Medium External URL 外部 URL

https://m.weibo.cn/

scripts/parser/weibo.py:78

🔗

Medium External URL 外部 URL

https://h5.weishi.qq.com/webapp/json/weishi/WSH5GetPlayPage

scripts/parser/weishi.py:19

🔗

Medium External URL 外部 URL

https://www.ixigua.com/

scripts/parser/xigua.py:19

🔗

Medium External URL 外部 URL

https://www.ixigua.com/xxxxxx

scripts/parser/xigua.py:20

🔗

Medium External URL 外部 URL

https://m.ixigua.com/douyin/share/video/

scripts/parser/xigua.py:37

🔗

Medium External URL 外部 URL

https://www.xinpianchang.com/

scripts/parser/xinpianchang.py:19

🔗

Medium External URL 外部 URL

https://mod-api.xinpianchang.com/mod/api/v2/media/

scripts/parser/xinpianchang.py:34

🔗

Medium External URL 外部 URL

https://share.xiaochuankeji.cn/planck/share/post/detail_h5

scripts/parser/zuiyou.py:19

File Tree

32 files · 115.4 KB · 3598 lines

Python 27f · 2822L Markdown 3f · 752L Other 1f · 21L Text 1f · 3L

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 parser

│ │ ├─ 🐍 __init__.py Python 178L · 4.6 KB

│ │ ├─ 🐍 acfun.py Python 62L · 2.2 KB

│ │ ├─ 🐍 base.py Python 115L · 2.5 KB

│ │ ├─ 🐍 bilibili.py Python 120L · 4.3 KB

│ │ ├─ 🐍 doupai.py Python 36L · 1.1 KB

│ │ ├─ 🐍 douyin.py Python 313L · 12.0 KB

│ │ ├─ 🐍 haokan.py Python 41L · 1.3 KB

│ │ ├─ 🐍 huya.py Python 49L · 1.5 KB

│ │ ├─ 🐍 kuaishou.py Python 94L · 3.1 KB

│ │ ├─ 🐍 lishipin.py Python 51L · 1.5 KB

│ │ ├─ 🐍 lvzhou.py Python 46L · 1.4 KB

│ │ ├─ 🐍 meipai.py Python 86L · 2.8 KB

│ │ ├─ 🐍 pipigaoxiao.py Python 51L · 1.7 KB

│ │ ├─ 🐍 pipixia.py Python 74L · 2.8 KB

│ │ ├─ 🐍 quanmin.py Python 50L · 1.7 KB

│ │ ├─ 🐍 quanminkge.py Python 50L · 1.5 KB

│ │ ├─ 🐍 redbook.py Python 89L · 3.3 KB

│ │ ├─ 🐍 sixroom.py Python 52L · 1.6 KB

│ │ ├─ 🐍 twitter.py Python 178L · 6.4 KB

│ │ ├─ 🐍 utils.py Python 22L · 639 B

│ │ ├─ 🐍 weibo.py Python 195L · 6.7 KB

│ │ ├─ 🐍 weishi.py Python 46L · 1.4 KB

│ │ ├─ 🐍 xigua.py Python 78L · 2.9 KB

│ │ ├─ 🐍 xinpianchang.py Python 57L · 2.0 KB

│ │ └─ 🐍 zuiyou.py Python 44L · 1.4 KB

│ ├─ 🐍 skill.py Python 255L · 6.6 KB

│ └─ 🐍 transcribe.py Python 390L · 13.3 KB

├─ 🔑 .env ⚠ 21L · 937 B

├─ 📝 README_EN.md Markdown 276L · 8.1 KB

├─ 📝 README.md Markdown 276L · 7.6 KB

├─ 📄 requirements.txt Text 3L · 53 B

└─ 📝 SKILL.md Markdown 200L · 6.8 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`httpx`	`>=0.28.1`	pip	No	Version constrained, reputable HTTP client library
`fake-useragent`	`>=1.5.1`	pip	No	Standard user-agent spoofing for web scraping
`requests`	`>=2.28.0`	pip	No	Standard HTTP library for downloads and API calls
`ffmpeg`	`external`	system	No	Declared binary dependency, documented in SKILL.md

Security Positives

✓ All declared capabilities match implementation - no hidden functionality

✓ No credential harvesting or exfiltration detected

✓ No obfuscation techniques (base64, eval, etc.)

✓ No reverse shell, C2, or persistence mechanisms

✓ subprocess usage (ffmpeg) is documented and necessary for audio extraction

✓ Network requests only to legitimate video platforms and stated SiliconFlow API

✓ API keys read from .env file only, never hardcoded in source code

✓ All dependencies are standard video/audio processing libraries with reasonable version constraints

✓ Clear documentation of temporary file handling and cleanup options

Scan Report

Findings 1 items

File Tree

Dependencies 4 items

Security Positives