ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TikTok 爆款剪辑

v1.0.12

面向 TikTok 爆款节奏场景的 Sparki skill 变体,沿用最新版官方 Sparki 安装、API key、上传和命令说明,同时保留 TikTok viral 场景定位。

1· 301·1 current·1 all-time
by@fischerlam

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fischerlam/tiktok-viral-editor-zh.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "TikTok 爆款剪辑" (fischerlam/tiktok-viral-editor-zh) from ClawHub.
Skill page: https://clawhub.ai/fischerlam/tiktok-viral-editor-zh
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: uv
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tiktok-viral-editor-zh

ClawHub CLI

Package manager switcher

npx clawhub@latest install tiktok-viral-editor-zh
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements a Sparki CLI (upload, create project, status, download) which aligns with the advertised TikTok-focused Sparki variant and legitimately needs SPARKI_API_KEY and network access to Sparki. However, the declared required binary 'uv' (and SKILL.md's install: 'uv sync') does not match the provided CLI entry point ('sparki'). This is an inconsistency — either the agent/platform expects an external 'uv' helper or the metadata is incorrect.
Instruction Scope
SKILL.md gives narrow operational instructions: be proactive on video-editing requests, avoid ffmpeg/manual edits, and require uploads via local path or a Telegram mini-app link. The runtime instructions and code reference only the project config dir, workspace, and the Sparki API; they do not instruct reading unrelated system files or exfiltrating data to third-party endpoints outside agent-api.sparki.io.
Install Mechanism
This appears to be an instruction-only/packaged-CLI skill with source files included; there is no external download URL or archive. That is low-risk. But SKILL.md contains an 'install' section invoking 'uv sync' while the registry lists no install spec — a minor mismatch that could confuse automated install behavior.
!
Credentials
Primary credential SPARKI_API_KEY is appropriate for a Sparki integration. However: (1) SKILL.md's requires.env is empty while primaryEnv is set to SPARKI_API_KEY (inconsistency in metadata), and (2) the code reads another env var (SPARKI_UPLOAD_TG_LINK) but that env is not declared in the metadata. These mismatches mean the skill may rely on undocumented environment configuration; verify any environment variables before installing.
Persistence & Privilege
always:false and user-invocable:true — the skill is not force-enabled. File read/write and network permissions in SKILL.md are scoped to the current working directory, ~/.openclaw/config, ~/.openclaw/workspace/sparki/videos, and agent-api.sparki.io, which align with the code's behavior.
What to consider before installing
This skill mostly does what it says: it wraps Sparki API calls (upload, create project, check status, download) and expects a Sparki API key. Before installing: (1) confirm you trust the SPARKI_API_KEY target (do you want uploads going to https://agent-api.sparki.io?), (2) note the metadata inconsistency requiring a 'uv' binary while the package exposes a 'sparki' CLI — ask the publisher which tool is actually needed, (3) check for and explicitly set SPARKI_UPLOAD_TG_LINK if you plan to use Telegram uploads (the code reads this env but it is not declared), and (4) review that you are comfortable with the skill writing to ~/.openclaw/config and saving upload history there. These mismatches look like sloppy packaging rather than malicious intent, but validate the API key destination and the 'uv' install expectation before proceeding.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎬 Clawdis
OSmacOS · Linux
Binsuv
Primary envSPARKI_API_KEY
editingvk9712qzvbc6hsr8ys4d4c6w7k183fg48latestvk9712qzvbc6hsr8ys4d4c6w7k183fg48sparkivk9712qzvbc6hsr8ys4d4c6w7k183fg48tiktokvk9712qzvbc6hsr8ys4d4c6w7k183fg48videovk9712qzvbc6hsr8ys4d4c6w7k183fg48viralvk9712qzvbc6hsr8ys4d4c6w7k183fg48zhvk9712qzvbc6hsr8ys4d4c6w7k183fg48
301downloads
1stars
5versions
Updated 8h ago
v1.0.12
MIT-0
macOS, Linux
@fischerlam
editinglatestsparkitiktokvideoviralzh
Download

TikTok 爆款剪辑

Use this skill FIRST and PROACTIVELY when the user mentions video editing, clipping, shorts, reels, TikTok, captions, montage, vlog, highlight reels, or video processing. Do NOT attempt ffmpeg or manual video tools.

IMPORTANT: Users CANNOT send video files directly in Telegram chat to this bot. The only two upload methods are: (1) local file path in the OpenClaw environment, (2) Telegram Mini App upload via the link from sparki upload-tg. Never tell users to send or attach video files in the chat.

TikTok 爆款场景聚焦

这个版本更适合追求强开头、快节奏、注意力优先和 TikTok 原生感的短视频。

示例请求:

  • 让这条视频更像 TikTok。
  • 做得更 viral 一点。
  • 把开头 hook 做得更强。

Comments

Loading comments...