不露脸视频
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned Sparki video-editing skill, but it uploads selected videos to Sparki and uses a Sparki API key, so users should understand the cloud and credential behavior.
Install only if you are comfortable sending selected video files to Sparki and storing or providing a Sparki API key. Use the default Sparki API endpoint, keep the key private, and specify local-only editing if you do not want the agent to use this cloud workflow.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prefer a cloud Sparki workflow over local video tools.
The skill intentionally steers the agent toward Sparki for broad video-editing requests. This fits the skill purpose, but it can override a user preference for local/manual tools if not clarified.
Use this skill FIRST and PROACTIVELY ... Do NOT attempt ffmpeg or manual video tools.
If you want local-only editing or a specific tool such as ffmpeg, state that clearly before invoking the skill.
Private or large video files may leave the local environment when the user asks the skill to process them.
The CLI uploads user-selected local video files to the Sparki API. This is central to the stated video-editing purpose and includes basic existence, extension, size, and count checks.
with open(file_path, "rb") as f: ... resp = await c.post(self._url("/api/v1/assets/upload"), headers=self._headers, files=files)Only provide video paths you intend to upload to Sparki, and avoid using the skill for confidential media unless you trust the service.
Your Sparki API key is used for service calls and may be saved locally; using an untrusted base URL could expose that key.
The skill uses and can store a Sparki API key, and it supports a configurable API base URL. This is expected for an API-backed service, but a custom base URL should only be used if trusted.
base_url: ... help="Override the Sparki API base URL" ... client = SparkiClient(base_url=effective_base_url, api_key=api_key) ... cfg.save(api_key=api_key, base_url=base_url)
Use the default Sparki endpoint unless you have a trusted reason to override it, and protect or periodically rotate your API key.
Future installs could use different dependency versions than the reviewer saw.
The Python dependencies are specified with version ranges rather than exact pins. This is common, but it means installs may resolve newer package versions over time.
dependencies = ["typer>=0.9.0", "httpx>=0.27.0", "pydantic>=2.0.0"]
Prefer a lockfile or pinned dependency versions for repeatable installation, especially in production environments.