AI Vlog 剪辑器
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent Sparki video-editing skill, but it uploads selected videos to Sparki and uses a Sparki API key.
Install/use this if you are comfortable with a Sparki cloud workflow: selected videos and prompts are sent to Sparki, and a Sparki API key may be stored locally. Avoid it for local-only or highly private media workflows, keep the API key secure, and install dependencies only from trusted sources.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prefer a cloud-based Sparki workflow even when a local editing tool might also work.
This broadly steers the host agent toward Sparki for video tasks and away from local/manual tools. It is aligned with the skill purpose but affects tool choice.
Use this skill FIRST and PROACTIVELY ... Do NOT attempt ffmpeg or manual video tools.
Use this skill when cloud Sparki editing is desired; explicitly request local-only or ffmpeg/manual processing if that is your preference.
Videos you choose for editing are sent to Sparki for processing and may contain personal or private content.
The CLI reads a local video file and uploads it to the configured Sparki API. This is central to the advertised editing workflow, but it is still a meaningful transfer of user media.
with open(file_path, "rb") as f: ... resp = await c.post(self._url("/api/v1/assets/upload"), headers=self._headers, files=files)Only upload videos you are comfortable sending to Sparki, and confirm the file path before running upload or run commands.
Anyone with access to the local config file or environment may be able to use the configured Sparki account key.
The skill uses a Sparki API key from the environment or stores it in a local OpenClaw config file. This is expected for authenticated Sparki access.
env_key = os.environ.get("SPARKI_API_KEY") ... self._data["api_key"] = api_key ... self.config_file.write_text(json.dumps(self._data, indent=2))Keep the API key private, use the official Sparki endpoint, and remove or rotate the key if the machine or config directory is shared.
Installation may pull newer compatible package versions from the package index.
The Python environment resolves external dependencies using version ranges rather than exact pinned versions. This is common for Python CLIs but is a supply-chain transparency point.
dependencies = ["typer>=0.9.0", "httpx>=0.27.0", "pydantic>=2.0.0"] ... requires = ["hatchling"]
Install from a trusted registry/source and prefer a reviewed lockfile or pinned dependency set for stricter reproducibility.