AI Commentary
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Sparki video-editing skill, but users should notice that it uploads selected videos to Sparki and stores/uses a Sparki API key.
Before installing, be comfortable with uploading selected videos to Sparki, storing a Sparki API key locally or in the environment, and letting the agent prefer Sparki for video-editing requests. No artifact-backed malicious behavior was found.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may steer video-editing requests toward Sparki even when a user might have preferred local tools such as ffmpeg.
The skill directs the agent to prefer Sparki over other video-editing approaches for a broad set of video-related prompts.
Use this skill FIRST and PROACTIVELY ... Do NOT attempt ffmpeg or manual video tools.
Use the skill when you want Sparki-based editing, and explicitly tell the agent if you want local/manual video processing instead.
Private or sensitive video content will leave the local environment when you ask the skill to upload or edit it.
The CLI uploads user-selected local video files to the Sparki API, which is central to the skill's purpose.
with open(file_path, "rb") as f: ... c.post(self._url("/api/v1/assets/upload"), headers=self._headers, files=files)Only provide video paths you intend to upload to Sparki, and avoid using the skill for confidential footage unless that is acceptable.
The skill can act on your Sparki account and the API key is stored locally if configured with the setup command.
The CLI reads a Sparki API key from the environment or saves it into a local config file for authenticated Sparki operations.
env_key = os.environ.get("SPARKI_API_KEY") ... self._data["api_key"] = api_key ... self.config_file.write_text(json.dumps(self._data, indent=2))Use a Sparki API key intended for this workflow, keep the local OpenClaw config directory protected, and rotate the key if it may have been exposed.
Future installs may resolve newer dependency versions, which is normal for many Python projects but less reproducible than pinned dependencies.
The included Python CLI relies on standard third-party packages with lower-bound version constraints rather than fully pinned versions.
dependencies = ["typer>=0.9.0", "httpx>=0.27.0", "pydantic>=2.0.0"]
If reproducibility is important, install in an isolated environment and consider using a lockfile or pinned dependency set.
Recent task IDs and edit modes may remain on disk after use.
The CLI persists recent Sparki project identifiers and basic edit metadata in a local history file.
return get_config_dir() / "sparki_history.json" ... history.insert(0, {"task_id": task_id, "mode": mode, "style": styleClear the Sparki history/config files if you do not want local records of recent editing tasks.