OpenVid
ReviewAudited by ClawScan on May 10, 2026.
Overview
OpenVid looks like a disclosed paid external video API, but it needs review because it uses agent-wallet on-chain payments and its documented prices conflict.
Review wallet controls before installing or using this skill. It appears to be an instruction-only paid video service, not local code, but you should approve each payment manually, verify the exact 402 payment amount and recipient address, and avoid sending private URLs or sensitive prompt text.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could spend wallet funds for video generation if wallet controls allow it, and blockchain payments may be irreversible.
The skill delegates payment to the user's agent wallet. That is purpose-aligned for a paid service, but it is high-impact financial authority and the artifacts do not specify explicit user confirmation, spending limits, or rollback protections before signing.
Pay → Your agent/wallet sends payment on-chain (USDC on Base or SOL on Solana)
Require explicit user approval for every payment, verify the chain, amount, and pay-to address from the 402 response, and use wallet spending limits where possible.
A user may approve a payment expecting one price while the API requests a higher amount.
The paid-service documentation gives conflicting prices and duration ranges, which can mislead a user or agent deciding whether to approve an on-chain payment.
SKILL.md: "Pricing: $5–$20" and "90s | $20"; README.md: "90s | $30" and "3min | $60"
Do not auto-pay based on the documentation alone; compare the exact 402 payment amount against the intended duration before signing.
Any sensitive prompt text or private/internal URL provided to the skill could be exposed to the external service.
The skill clearly discloses that prompts and URLs are sent to an external service and that generated videos are retained temporarily.
What you send: Prompt text and (optionally) a public URL for brand extraction ... Videos stored on Cloudflare R2 for 7 days
Only provide public URLs and non-sensitive prompt content, as the skill itself recommends.