口播视频剪辑
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a coherent Sparki video-editing skill, with the main things to notice being cloud video upload, Sparki API-key use, and a proactive instruction to prefer this service over local tools.
This skill appears acceptable if you want Sparki cloud video editing. Before installing or using it, be comfortable uploading the chosen videos to Sparki, protect your SPARKI_API_KEY, avoid non-default API endpoints unless trusted, and choose local/offline tools instead if the video should not leave your environment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
For broad video-editing requests, the agent may choose Sparki even when a local tool could have handled the task.
The skill strongly steers the agent toward this cloud editing workflow and away from alternative local tooling. This is purpose-aligned, but users should be aware of the preference.
Use this skill FIRST and PROACTIVELY ... Do NOT attempt ffmpeg or manual video tools.
Confirm before uploading private videos or when the user specifically wants local/offline processing.
If a non-default base URL is configured, the API key could be sent to that endpoint during validation and later API calls.
The Sparki API key is expected for this integration, but setup can save both the key and an optional API base URL, so the credential boundary depends on the configured endpoint.
base_url: ... "Override the Sparki API base URL" ... client = SparkiClient(base_url=effective_base_url, api_key=api_key) ... cfg.save(api_key=api_key, base_url=base_url)
Use the default Sparki endpoint unless you explicitly trust the alternate endpoint; rotate the API key if it was entered with an untrusted base URL.
Private or sensitive video content may be processed by the external Sparki service.
The core workflow uploads user-selected video files to the Sparki API. This is central to the skill's purpose, but it means media leaves the local environment.
resp = await c.post(self._url("/api/v1/assets/upload"), headers=self._headers, files=files)Only use the skill with videos you are comfortable uploading to Sparki, and confirm before sending sensitive recordings.
Installation may resolve newer dependency versions over time.
The package uses third-party Python dependencies with version ranges. That is normal for this CLI, but the artifacts do not show a lockfile pinning exact resolved versions.
dependencies = ["typer>=0.9.0", "httpx>=0.27.0", "pydantic>=2.0.0"]
Install from trusted package sources and prefer a locked dependency set in controlled environments.