AI 视频剪辑器
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it claims: upload a user-selected MP4 to a cloud video-editing API, poll for completion, and return a temporary download link.
This skill is reasonable for cloud AI video editing, but use it only when you are comfortable sending the selected MP4 and editing instructions to the provider. Keep SPARKI_API_KEY secret, prefer trusted credential storage, and treat returned download links as private.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Videos you process with this skill are uploaded to the provider, and the returned temporary URL may provide access to the processed video.
This shows the selected MP4 file and API key are sent to a remote provider API. That is expected for the skill's cloud video-editing purpose, but it is still a sensitive data flow.
curl -sS -X POST "${SPARKI_API_BASE}/business/assets/upload" -H "X-API-Key: $SPARKI_API_KEY" -F "files=@${FILE_PATH};type=video/mp4"Only use this skill with videos you are comfortable uploading to the provider, and avoid sharing the returned download URL unless intended.
Anyone with access to the configured API key may be able to use the Sparki API under the user's account or quota.
The skill requires a provider API key and documents persistent ways to store it. This is expected for the integration, but the key may grant account/API access and should be protected.
openclaw config set env.SPARKI_API_KEY "sk_live_your_key_here" ... echo 'export SPARKI_API_KEY="sk_live_your_key_here"' >> ~/.bashrc ... echo 'SPARKI_API_KEY="sk_live_your_key_here"' >> ~/.openclaw/.env
Store the key only in trusted OpenClaw or shell configuration, avoid committing it to projects, and rotate it if it may have been exposed.
There is minor ambiguity about the exact package identity/version represented by the embedded metadata.
The embedded metadata differs from the supplied registry metadata, which lists a different owner ID, slug ai-video-editor-zh, and version 1.0.6. This is a provenance/versioning inconsistency, not evidence of harmful behavior in the reviewed scripts.
"ownerId": "kn7c51bhqse2svzjhbej3e3whh81tzrd", "slug": "ai-video-editor", "version": "1.0.5"
Install from the trusted ClawHub listing and verify the maintainer, version, and endpoint before using it with sensitive videos.