AI Vlog 剪辑器
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-vlog-editor-zh Version: 1.0.12 The skill bundle is a legitimate CLI wrapper for the Sparki AI video editing service. The code in `src/sparki_cli/` implements standard REST API interactions using `httpx` for uploading videos, managing editing projects, and downloading results. Permissions defined in `SKILL.md` are appropriately scoped to the application's own configuration and workspace directories, and network access is restricted to the official service domain (agent-api.sparki.io). No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prefer a cloud-based Sparki workflow even when a local editing tool might also work.
This broadly steers the host agent toward Sparki for video tasks and away from local/manual tools. It is aligned with the skill purpose but affects tool choice.
Use this skill FIRST and PROACTIVELY ... Do NOT attempt ffmpeg or manual video tools.
Use this skill when cloud Sparki editing is desired; explicitly request local-only or ffmpeg/manual processing if that is your preference.
Videos you choose for editing are sent to Sparki for processing and may contain personal or private content.
The CLI reads a local video file and uploads it to the configured Sparki API. This is central to the advertised editing workflow, but it is still a meaningful transfer of user media.
with open(file_path, "rb") as f: ... resp = await c.post(self._url("/api/v1/assets/upload"), headers=self._headers, files=files)Only upload videos you are comfortable sending to Sparki, and confirm the file path before running upload or run commands.
Anyone with access to the local config file or environment may be able to use the configured Sparki account key.
The skill uses a Sparki API key from the environment or stores it in a local OpenClaw config file. This is expected for authenticated Sparki access.
env_key = os.environ.get("SPARKI_API_KEY") ... self._data["api_key"] = api_key ... self.config_file.write_text(json.dumps(self._data, indent=2))Keep the API key private, use the official Sparki endpoint, and remove or rotate the key if the machine or config directory is shared.
Installation may pull newer compatible package versions from the package index.
The Python environment resolves external dependencies using version ranges rather than exact pinned versions. This is common for Python CLIs but is a supply-chain transparency point.
dependencies = ["typer>=0.9.0", "httpx>=0.27.0", "pydantic>=2.0.0"] ... requires = ["hatchling"]
Install from a trusted registry/source and prefer a reviewed lockfile or pinned dependency set for stricter reproducibility.