Video Resizer
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may route video tasks to Sparki even when a local tool could be sufficient.
This instruction biases the agent to choose this skill over other video-processing methods for a broad set of requests.
Use this skill FIRST and PROACTIVELY ... Do NOT attempt ffmpeg or manual video tools.
Ask the agent to confirm before uploading videos or using Sparki if you prefer local/manual processing.
Any video path given to the skill may be uploaded to Sparki for processing.
The CLI uploads user-selected local video files to the Sparki API, which is central to the skill's purpose but still sends user media to an external service.
with open(file_path, "rb") as f: ... resp = await c.post(self._url("/api/v1/assets/upload"), headers=self._headers, files=files)Only provide paths to videos you intend to upload, and avoid using private or sensitive media unless you trust Sparki's handling of it.
If a non-official base URL is configured, the Sparki API key and future video/API requests could be sent to that host.
The CLI can validate and save an arbitrary API base URL while using the user's API key, which exceeds the official-domain expectation declared for the skill.
base_url: Annotated[Optional[str], typer.Option("--base-url", help="Override the Sparki API base URL")] = None ... client = SparkiClient(base_url=effective_base_url, api_key=api_key) ... cfg.save(api_key=api_key, base_url=base_url)Do not use --base-url unless you fully trust the endpoint; the skill should ideally restrict this to an allowlisted official domain or require explicit confirmation.
Future installs may pull newer dependency versions than the ones originally tested.
The package uses version ranges rather than exact pinned versions, so dependency resolution may change over time.
dependencies = ["typer>=0.9.0", "httpx>=0.27.0", "pydantic>=2.0.0"]
Prefer a lockfile or pinned dependency set for reproducible installation, especially in sensitive environments.
Recent project identifiers and usage history remain on disk under the OpenClaw config area.
The CLI keeps a persistent local history of recent Sparki task IDs and related metadata.
history.insert(0, {"task_id": task_id, "mode": mode, "style": style, "created_at": datetime.now(timezone.utc).isoformat()}) ... history = history[:100] ... hf.write_text(json.dumps(history, indent=2))Delete the Sparki config/history files if you do not want local project history retained.