Jianying Auto Editor

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its video-editing purpose, but its example configuration sends credentialed cloud calls and local media metadata to a raw HTTP IP address if copied.

Only use this skill with a trusted HTTPS cloud API, not the sample raw-IP endpoint. Keep material_path limited to the exact media for the current project, use a scoped API key, protect the config file, and prefer task-subdir output unless you intentionally want to overwrite existing draft files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The cloud service can receive information about selected local media files, such as filenames and metadata, even though this is part of the stated workflow.

Why it was flagged

The skill clearly discloses that it recursively scans a local media folder and uploads a material index to a cloud API.

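Skill content

Recursively scan the material directory, collecting only common video, audio, and image assets.\n4. Call the cloud API to create a task, report the material index, and fetch the editing plan.

Recommendation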

Use a narrow material_path containing only assets for the current edit, and avoid pointing the skill at broad personal media folders.

What this means

If a user copies the example and adds a real API key, credentials and local media metadata could be sent to an unverified IP address without TLS protection.

Why it was flagged

The sample cloud API endpoint is a cleartext HTTP raw IP. The visible workflow sends API requests, the bearer api_key, material index data, and execution reports to the configured api_base_url.

Skill content

"api_base_url": "http://43.137.46.105:8787"

Recommendation

Replace the sample endpoint with a trusted HTTPS API before use, avoid running the example config with real keys, and prefer validation that rejects non-HTTPS endpoints for production.

What this means

Anyone who obtains the API key may be able to use the associated cloud editing service within that key's permissions.

Why it was flagged

The skill requires a service API key and uses it as delegated authority for the remote editing API; this is disclosed and purpose-aligned.

Skill content

"api_key": {\n        "type": "string",\n        "description": "API key used for Authorization header."

Recommendation

Use a scoped key if available, store the config file carefully, and rotate the key if it was used with the sample HTTP endpoint or any untrusted service.

What this means

Existing draft JSON files with the same names in the chosen output directory may be replaced.

Why it was flagged

The skill can write generated draft files into a configured directory and supports an overwrite mode. This is expected for draft generation but can replace existing output files if pointed at an important directory.

Skill content

"export_mode": {\n        "type": "string",\n        "enum": [\n          "overwrite",\n          "task-subdir"\n        ],

Recommendation

Prefer task-subdir mode or a dedicated output folder, and back up any important existing draft files before using overwrite mode.