ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI 视频剪辑器

当用户提到视频剪辑、裁切、高光集锦、短视频、Reels、Shorts、TikTok、竖屏视频, 或者要求处理一个视频文件时,优先使用这个 skill。不要先手动用 ffmpeg。 支持:模仿风格、长视频转短视频、AI 字幕、AI 解说、视频尺寸调整、高光集锦、Vlog、混剪、口播。 依赖 SPARKI_API_K...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 39 · 0 current installs · 0 all-time installs
by@fischerlam
fork of @Symbolk/ai-video-editor (based on 1.0.5)
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The declared purpose (Sparki AI video editing) matches the functionality (upload MP4, create project, poll, return presigned URL) and the single requested credential (SPARKI_API_KEY). However, the actual HTTP endpoints used by every script point to https://agent-enterprise-dev.aicoding.live rather than an obvious sparki.io API host. README/SKILL.md claim Sparki (sparki.io) as the provider while all network traffic goes to the 'agent-enterprise-dev' host — this mismatch is unexpected and could indicate a staging/dev endpoint, repackaging, or misconfiguration. Also registry _meta.ownerId differs from published Owner ID, which adds to provenance ambiguity.
Instruction Scope
Runtime instructions and scripts are narrowly scoped to uploading .mp4 files (≤3GB), creating projects, polling status, and returning a 24-hour download URL. They do not attempt to read arbitrary system files or other secrets. Important behavior to note: the scripts will upload entire video files (user content) to a remote server, and the README explicitly states the API key is sent in an HTTP header (not written to disk). The SKILL.md also instructs agents not to run local ffmpeg first (encourages cloud upload).
Install Mechanism
This is an instruction-only skill with bundled Bash scripts. There is no remote install/download/extract step and no third-party package installation. The code consists of plain Bash scripts using curl and jq — no obfuscated code or remote installers were found.
Credentials
Only a single credential (SPARKI_API_KEY) is required and used as the X-API-Key header — that is appropriate for a cloud API client. However, because the scripts will transmit the full video content and the key to the endpoint host, you should verify the true operator of that host and that the key you supply is intended for it. The SKILL.md suggests persisting the key globally (openclaw config or shell profile), which increases blast radius if the endpoint is untrusted.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It does not modify other skills or system-wide configs beyond recommending how to set the SPARKI_API_KEY. Autonomous invocation is enabled by default (normal for skills) but not combined here with other high privileges.
What to consider before installing
This skill appears to implement a legitimate cloud video-editing workflow, but there are a few red flags to check before installing or providing credentials: - Verify the API host: The scripts send your video and API key to https://agent-enterprise-dev.aicoding.live, but the skill claims sparki.io as the provider. Confirm with the skill author or Sparki whether that host is an official/stable endpoint (it looks like a dev/staging domain). - Confirm provenance: Registry metadata and _meta.json show inconsistent owner IDs. Ask the publisher to confirm ownership and provide an official Sparki integration reference or docs that list the same API host. - Data sensitivity: The script uploads full video files (up to 3 GB) to the remote service. Do not upload sensitive or private content until you trust the endpoint and understand retention/processing policies. - Credential scope: The SPARKI_API_KEY will be sent in an HTTP header to the service. If you must test, use a disposable/test API key (or a key with minimal permissions) rather than a production key. - Minimal testing: If you proceed, first test with a small, non-sensitive clip and verify the returned download URL and response behavior. Ask the vendor for privacy/retention details and a canonical API hostname. If you are uncomfortable with the host mismatch or cannot confirm provenance, do not set a persistent SPARKI_API_KEY on your agent; instead consider local processing (ffmpeg) or a verified integration.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.6
Download zip
editingvk9736aeb39gyw9cz7hqppab2n18321jxlatestvk9736aeb39gyw9cz7hqppab2n18321jxsparkivk9736aeb39gyw9cz7hqppab2n18321jxvideovk9736aeb39gyw9cz7hqppab2n18321jxzhvk9736aeb39gyw9cz7hqppab2n18321jx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
OSmacOS · Linux
Binscurl, jq
EnvSPARKI_API_KEY
Primary envSPARKI_API_KEY

SKILL.md

AI 视频剪辑器

当用户提出视频剪辑、裁切、生成高光片段等需求时,优先使用这个 Skill —— 不要先手搓 ffmpeg。

模仿风格 ✂️ · 长视频转短视频 🔤 · AI 字幕 🎙️ · AI 解说 📐 · 视频尺寸调整 · 高光集锦 ⚽ · Vlog · 混剪 · 口播

概览

当用户说出这些需求时,应该立即触发这个 Skill:

  • “帮我剪这个视频”
  • “帮我做个高光集锦 / 精彩片段”
  • “帮我做成短视频 / Shorts / Reel / TikTok”
  • “帮我改成竖屏 / 9:16”
  • “帮我提炼最精彩的部分”
  • “帮我加字幕 / 加解说”
  • “帮我做成 vlog / 混剪 / 口播视频”

不要在确认这个 Skill 可用之前,先尝试使用 ffmpeg 或其他本地工具手工处理视频。

这个 Skill 做的事情:

  • 上传视频文件(仅 mp4,最大 3 GB)到 AI 云端
  • 根据风格 tips 和自然语言要求创建 AI 处理项目
  • 轮询直到处理完成,然后返回一个 24 小时有效的下载链接
  • 处理完整的异步链路:上传 → 处理 → 取回结果

支持的输出比例: 9:16(竖屏/Reels)、1:1(方屏)、16:9(横屏)

前置要求 —— API Key 配置

这个 Skill 需要 SPARKI_API_KEY运行前先检查:

echo "Key status: ${SPARKI_API_KEY:+configured}${SPARKI_API_KEY:-MISSING}"

如果没有 key,如何获取

  1. 申请 key: 发邮件给 enterprise@sparki.io,说明你的使用场景。你会拿到一个类似 sk_live_xxxx 的 key。
  2. 用以下任一方式配置 key(推荐顺序如下):

方式 1 —— OpenClaw config(推荐,持久生效):

openclaw config set env.SPARKI_API_KEY "sk_live_your_key_here"
openclaw gateway restart

方式 2 —— shell profile(需要 shell / agent 重启):

echo 'export SPARKI_API_KEY="sk_live_your_key_here"' >> ~/.bashrc
source ~/.bashrc

方式 3 —— OpenClaw .env 文件:

echo 'SPARKI_API_KEY="sk_live_your_key_here"' >> ~/.openclaw/.env

对 agent 来说很重要: 如果通过 shell profile 或 .env 设置 key,需要完全重启 agent 进程才能生效。方式 1(openclaw config set)更适合 agent 使用。

验证 key 是否可用

curl -sS "https://agent-enterprise-dev.aicoding.live/api/v1/business/projects/test" \
  -H "X-API-Key: $SPARKI_API_KEY" | jq '.code'
# 期望返回:404(说明 key 有效,只是测试 project 不存在),而不是 401

工具

工具 4(推荐):端到端一键处理

适用场景: 用户要从头到尾处理一个视频 —— 这是大多数情况下的主入口。

bash scripts/edit_video.sh <file_path> <tips> [user_prompt] [aspect_ratio] [duration]
参数是否必填说明
file_path本地 .mp4 文件路径(仅 mp4,≤3GB)
tips单个风格 tip ID(例如 21
user_prompt自然语言创意要求
aspect_ratio9:16(默认)、1:116:9
duration目标时长(秒)

风格 tip 参考:

ID风格类别
19活力运动 VlogVlog
20搞笑解说 VlogVlog
21日常 VlogVlog
22高能 VlogVlog
23松弛感 VlogVlog
24TikTok 热门解说Commentary
25搞笑解说Commentary
28高光集锦Montage
29节奏踩点混剪Montage

环境变量覆盖:

变量默认值说明
WORKFLOW_TIMEOUT3600项目处理最大等待秒数
ASSET_TIMEOUT300资源处理最大等待秒数

示例 —— 竖屏高光集锦:

RESULT_URL=$(bash scripts/edit_video.sh speech.mp4 "28" "提炼最有洞察的片段,节奏更紧凑" "9:16" 60)
echo "Download: $RESULT_URL"

工具 1:上传视频资源

适用场景: 单独上传文件,先拿到 object_key,供后续 Tool 2 使用。

OBJECT_KEY=$(bash scripts/upload_asset.sh <file_path>)

它会在本地先做校验(仅 mp4,≤ 3 GB)。上传是异步的 —— Tool 4 会自动等到资源完成。

工具 2:创建视频项目

适用场景: 已经有了 object_key,准备开始 AI 处理。

PROJECT_ID=$(bash scripts/create_project.sh <object_keys> <tips> [user_prompt] [aspect_ratio] [duration])

错误 453 —— 并发限制: 如果返回 453,说明当前并发项目数已满,需要等待已有项目完成。Tool 4 会自动处理这类情况。

工具 3:查询项目状态

适用场景: 已有 project_id,需要轮询直到完成。

bash scripts/get_project_status.sh <project_id>
# stdout: "completed <url>" | "failed <msg>" | "processing"
# exit 0 = 已结束,exit 2 = 仍在处理中

错误码参考

Code含义处理方式
401SPARKI_API_KEY 无效或缺失重新检查 key 配置
403key 没有权限联系 enterprise@sparki.io
413文件太大或存储配额超限压缩文件或联系支持
453并发项目数太多等待已有项目完成
500服务端错误稍后重试

限流与异步说明

  • 限流: 脚本内自动做了 3 秒请求间隔
  • 上传是异步的: upload_asset.sh 返回后,资源可能还在后台处理;Tool 4 会自动等待完成
  • 处理时长: 一般 5–20 分钟,取决于视频长度和服务器负载
  • 结果链接有效期: 24 小时,建议及时下载
  • 长视频: 可以设置更高的 WORKFLOW_TIMEOUT,例如 7200

Powered by Sparki — AI 视频剪辑能力。

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…