ai-vlog-editor 安全扫描报告 — 可信 | ClawSafe

0 /100

ai-vlog-editor

OpenClaw skill for Sparki AI video editing — upload, edit, poll, and download video projects

This is a legitimate AI video editing skill with no security issues — all filesystem and network operations strictly match declared permissions, API key is used for authentication only, and no sensitive data exfiltration was found.

技能名称ai-vlog-editor

分析耗时30.0s

引擎pi

✓

可以安装

This skill is safe to use. No action required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ,WRITE`	`READ,WRITE`	✓ 一致	Reads $CWD, writes ~/.openclaw/config and ~/.openclaw/workspace/sparki/videos — …
网络访问	`READ`	`READ`	✓ 一致	Only connects to agent-api.sparki.io — matches declaration
环境变量	`NONE`	`READ`	✓ 一致	Reads SPARKI_API_KEY for authentication, not declared but a standard, non-harmfu…
命令执行	`NONE`	`NONE`	—	No shell execution found
技能调用	`NONE`	`NONE`	—	No inter-skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

7 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/ClawHub-Skill-blueviolet

README.md:3

🔗

中危外部 URL 外部 URL

https://clawhub.io

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/version-1.0.12-blue

README.md:4

🔗

中危外部 URL 外部 URL

https://sparki.io

SKILL.md:17

🔗

中危外部 URL 外部 URL

https://agent-api.sparki.io

src/sparki_cli/constants.py:61

🔗

中危外部 URL 外部 URL

https://t.me/Sparki_AI_bot/upload

src/sparki_cli/constants.py:62

🔗

中危外部 URL 外部 URL

https://sparki.io/pricing

src/sparki_cli/constants.py:101

目录结构

11 文件 · 33.3 KB · 1010 行

Python 7f · 904L Markdown 2f · 71L TOML 1f · 31L JSON 1f · 4L

├─ ▾ 📁 src

│ └─ ▾ 📁 sparki_cli

│ ├─ 🐍 __init__.py Python 3L · 81 B

│ ├─ 🐍 cli.py Python 507L · 17.1 KB

│ ├─ 🐍 client.py Python 99L · 4.0 KB

│ ├─ 🐍 config.py Python 55L · 1.9 KB

│ ├─ 🐍 constants.py Python 139L · 4.8 KB

│ ├─ 🐍 models.py Python 59L · 1.3 KB

│ └─ 🐍 output.py Python 42L · 1.0 KB

├─ 📋 _meta.json JSON 4L · 54 B

├─ 📄 pyproject.toml TOML 31L · 579 B

├─ 📝 README.md Markdown 28L · 936 B

└─ 📝 SKILL.md Markdown 43L · 1.5 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`typer`	`>=0.9.0`	pip	否	Version range pinned — standard CLI framework
`httpx`	`>=0.27.0`	pip	否	Version range pinned — async HTTP client
`pydantic`	`>=2.0.0`	pip	否	Version range pinned — data validation

安全亮点

✓ All network requests are restricted to the single declared domain (agent-api.sparki.io)

✓ Filesystem writes are confined to declared paths (~/.openclaw/config and ~/.openclaw/workspace/sparki/videos)

✓ API key is used solely for backend authentication — never exfiltrated or logged

✓ No shell execution, subprocess calls, or command injection vectors

✓ No base64 encoding, obfuscation, or anti-analysis patterns

✓ Dependencies are version-pinned with known-good ranges (typer>=0.9.0, httpx>=0.27.0, pydantic>=2.0.0)

✓ No supply chain risks — all dependencies are standard, well-known Python packages

✓ No hidden functionality; SKILL.md documentation accurately describes all CLI commands

✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)

✓ No prompt injection vectors detected