AI Video Editor
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-video-editor-fixed Version: 1.0.11 The skill is a legitimate CLI tool for interacting with the Sparki AI video editing service. It facilitates video uploads, project creation, status tracking, and downloading results from 'agent-api.sparki.io'. The code in 'cli.py' and 'client.py' is well-structured, uses standard libraries (httpx, typer, pydantic), and limits its file system operations to its own configuration and workspace directories as defined in 'SKILL.md'. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may steer video-editing requests toward Sparki even when a local/manual approach might also work.
The skill gives strong tool-selection instructions that could make the agent prefer Sparki over local or alternative video tools.
Use this skill FIRST and PROACTIVELY ... Do NOT attempt ffmpeg or manual video tools.
Use the skill when you want Sparki cloud editing; ask the agent for alternatives if you prefer local processing.
Users may assume the listing is official without independently verifying the publisher.
The listing uses official-sounding wording while the registry source is not identified; this is not proof of deception, but provenance matters before entering credentials or uploading media.
Source: unknown ... Description: Official-core Sparki video editor listing
Verify the skill source and Sparki account relationship before providing an API key or uploading private videos.
Anyone with access to that local config file may be able to use the stored Sparki API key.
The CLI stores the Sparki API key locally in its configuration file so later commands can authenticate.
self._data["api_key"] = api_key ... self.config_file.write_text(json.dumps(self._data, indent=2))
Protect `$HOME/.openclaw/config/sparki.json`, prefer environment variables if you do not want the key saved, and remove the file when no longer needed.
Videos provided to the skill are sent to Sparki’s external service and may contain private or sensitive content.
User-selected video files are uploaded to the Sparki API for processing, using the configured API key.
with open(file_path, "rb") as f: ... await c.post(self._url("/api/v1/assets/upload"), headers=self._headers, files=files)Only upload videos you are comfortable sending to Sparki, and confirm the endpoint/account before processing sensitive media.
Local history may reveal what projects were created and can persist across sessions.
The CLI keeps a local history of recent Sparki project task IDs, modes, styles, and timestamps.
history.insert(0, {"task_id": task_id, ...}) ... history = history[:100] ... hf.write_text(json.dumps(history, indent=2))Clear the Sparki history file in `$HOME/.openclaw/config` if you do not want recent project metadata retained.