long-to-short 安全扫描报告 — 可信 | ClawSafe

5 /100

long-to-short

Sparki AI skill for turning long videos into short-form clips with hooks and cleaner cutdowns

Legitimate Sparki AI video editing CLI tool with no malicious behavior detected; all declared permissions match actual implementation.

技能名称long-to-short

分析耗时37.9s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

安全发现 1 项

严重性	安全发现	位置
低危	Dependencies use loose version constraints 供应链 All dependencies (typer>=0.9.0, httpx>=0.27.0, pydantic>=2.0.0) use >= pins instead of exact versions or ~ constraints. While not inherently malicious, this allows minor/patch updates without review. `typer>=0.9.0` → Consider pinning to specific versions (e.g., typer==0.12.0) for reproducible builds.	`pyproject.toml:10`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	config.py:18-19 writes to $HOME/.openclaw/config; cli.py:62 writes project histo…
网络访问	`READ`	`READ`	✓ 一致	client.py:37-39 all API calls to agent-api.sparki.io; download_result follows re…
命令执行	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution found in codebase
环境变量	`NONE`	`READ`	✓ 一致	config.py:20 checks SPARKI_API_KEY env var; cli.py has no undeclared environment…

7 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/ClawHub-Skill-blueviolet

README.md:3

🔗

中危外部 URL 外部 URL

https://clawhub.io

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/version-1.0.12-blue

README.md:4

🔗

中危外部 URL 外部 URL

https://sparki.io

SKILL.md:17

🔗

中危外部 URL 外部 URL

https://agent-api.sparki.io

src/sparki_cli/constants.py:61

🔗

中危外部 URL 外部 URL

https://t.me/Sparki_AI_bot/upload

src/sparki_cli/constants.py:62

🔗

中危外部 URL 外部 URL

https://sparki.io/pricing

src/sparki_cli/constants.py:101

目录结构

11 文件 · 33.3 KB · 1010 行

Python 7f · 904L Markdown 2f · 71L TOML 1f · 31L JSON 1f · 4L

├─ ▾ 📁 src

│ └─ ▾ 📁 sparki_cli

│ ├─ 🐍 __init__.py Python 3L · 81 B

│ ├─ 🐍 cli.py Python 507L · 17.1 KB

│ ├─ 🐍 client.py Python 99L · 4.0 KB

│ ├─ 🐍 config.py Python 55L · 1.9 KB

│ ├─ 🐍 constants.py Python 139L · 4.8 KB

│ ├─ 🐍 models.py Python 59L · 1.3 KB

│ └─ 🐍 output.py Python 42L · 1.0 KB

├─ 📋 _meta.json JSON 4L · 53 B

├─ 📄 pyproject.toml TOML 31L · 579 B

├─ 📝 README.md Markdown 28L · 1.0 KB

└─ 📝 SKILL.md Markdown 43L · 1.5 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`typer`	`>=0.9.0`	pip	否	Major version pinned only
`httpx`	`>=0.27.0`	pip	否	Major version pinned only
`pydantic`	`>=2.0.0`	pip	否	Major version pinned only

安全亮点

✓ No subprocess, os.system, shell execution, or base64/eval found anywhere in the codebase

✓ All network traffic confined to declared domain agent-api.sparki.io

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)

✓ No credential exfiltration or data theft patterns

✓ No obfuscation techniques (base64 encoding, dynamic execution, anti-analysis)

✓ No hidden functionality or doc-to-code mismatch

✓ Configuration writes scoped to declared paths only ($HOME/.openclaw/config, $HOME/.openclaw/workspace/sparki/videos)

✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)

✓ Uses reputable, well-audited dependencies (httpx, typer, pydantic)

✓ Clean async HTTP implementation using httpx AsyncClient throughout