ai-vlog-editor Security Report — Trusted | ClawSafe

0 /100

ai-vlog-editor

OpenClaw skill for Sparki AI video editing — upload, edit, poll, and download video projects

This is a legitimate AI video editing skill with no security issues — all filesystem and network operations strictly match declared permissions, API key is used for authentication only, and no sensitive data exfiltration was found.

Skill Nameai-vlog-editor

Duration30.0s

Enginepi

✓

Safe to install

This skill is safe to use. No action required.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ,WRITE`	`READ,WRITE`	✓ Aligned	Reads $CWD, writes ~/.openclaw/config and ~/.openclaw/workspace/sparki/videos — …
Network	`READ`	`READ`	✓ Aligned	Only connects to agent-api.sparki.io — matches declaration
Environment	`NONE`	`READ`	✓ Aligned	Reads SPARKI_API_KEY for authentication, not declared but a standard, non-harmfu…
Shell	`NONE`	`NONE`	—	No shell execution found
Skill Invoke	`NONE`	`NONE`	—	No inter-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

7 findings

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/ClawHub-Skill-blueviolet

README.md:3

🔗

Medium External URL 外部 URL

https://clawhub.io

README.md:3

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/version-1.0.12-blue

README.md:4

🔗

Medium External URL 外部 URL

https://sparki.io

SKILL.md:17

🔗

Medium External URL 外部 URL

https://agent-api.sparki.io

src/sparki_cli/constants.py:61

🔗

Medium External URL 外部 URL

https://t.me/Sparki_AI_bot/upload

src/sparki_cli/constants.py:62

🔗

Medium External URL 外部 URL

https://sparki.io/pricing

src/sparki_cli/constants.py:101

File Tree

11 files · 33.3 KB · 1010 lines

Python 7f · 904L Markdown 2f · 71L TOML 1f · 31L JSON 1f · 4L

├─ ▾ 📁 src

│ └─ ▾ 📁 sparki_cli

│ ├─ 🐍 __init__.py Python 3L · 81 B

│ ├─ 🐍 cli.py Python 507L · 17.1 KB

│ ├─ 🐍 client.py Python 99L · 4.0 KB

│ ├─ 🐍 config.py Python 55L · 1.9 KB

│ ├─ 🐍 constants.py Python 139L · 4.8 KB

│ ├─ 🐍 models.py Python 59L · 1.3 KB

│ └─ 🐍 output.py Python 42L · 1.0 KB

├─ 📋 _meta.json JSON 4L · 54 B

├─ 📄 pyproject.toml TOML 31L · 579 B

├─ 📝 README.md Markdown 28L · 936 B

└─ 📝 SKILL.md Markdown 43L · 1.5 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`typer`	`>=0.9.0`	pip	No	Version range pinned — standard CLI framework
`httpx`	`>=0.27.0`	pip	No	Version range pinned — async HTTP client
`pydantic`	`>=2.0.0`	pip	No	Version range pinned — data validation

Security Positives

✓ All network requests are restricted to the single declared domain (agent-api.sparki.io)

✓ Filesystem writes are confined to declared paths (~/.openclaw/config and ~/.openclaw/workspace/sparki/videos)

✓ API key is used solely for backend authentication — never exfiltrated or logged

✓ No shell execution, subprocess calls, or command injection vectors

✓ No base64 encoding, obfuscation, or anti-analysis patterns

✓ Dependencies are version-pinned with known-good ranges (typer>=0.9.0, httpx>=0.27.0, pydantic>=2.0.0)

✓ No supply chain risks — all dependencies are standard, well-known Python packages

✓ No hidden functionality; SKILL.md documentation accurately describes all CLI commands

✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)

✓ No prompt injection vectors detected

Scan Report

File Tree

Dependencies 3 items

Security Positives