WayinVideo - Find Moments in the Video
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent and purpose-aligned, but users should know it uploads videos to WayinVideo, uses a Wayin API key, stores result files locally, and may poll in the background.
This skill appears safe for its stated purpose if you are comfortable using WayinVideo. Before installing, confirm that you can upload the target videos to WayinVideo, use a revocable API key, choose raw results instead of exported AI-hook clips if that is all you need, and clean up saved result files that may contain video metadata or export links.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can submit processing jobs under the user's WayinVideo account, which may affect usage limits, billing, or account activity.
The script reads the user's WayinVideo API key from the environment and uses it as a bearer token for API requests.
API_KEY = os.environ.get("WAYIN_API_KEY") ... "Authorization": f"Bearer {API_KEY}"Use a dedicated, revocable WayinVideo API key if available, and avoid sharing the key in chats, logs, or saved files.
Local video content may leave the user's machine and be processed by WayinVideo.
For local files, the skill requests a WayinVideo upload URL and sends the video file contents to that external upload destination.
init_url = "https://wayinvideo-api.wayin.ai/api/v2/upload/single-file" ... with open(file_path, 'rb') as f: ... urllib.request.Request(upload_url, data=f, headers=upload_headers, method="PUT")
Only use this skill for videos you are authorized to upload, and avoid sending private or regulated content unless WayinVideo's handling is acceptable.
Saved result files may reveal searched video content, task metadata, and temporary export links to anyone with access to the workspace.
The polling script persists raw API results, including clip/export information when present, into the local result JSON file.
data["api_response"] = api_response ... data["_metadata"]["export_links_expire_at"] = (now + timedelta(hours=24)).isoformat()
Store results in an appropriate workspace and delete JSON result files or exported links when they are no longer needed.
A background task may continue running and producing status notifications after the initial request.
The script can keep polling for results for up to four hours and send OpenClaw system-event notifications during processing.
def get_result(project_id, save_file, sleep_interval=15, max_timeout_seconds=14400, event_interval=300): ... while True: ... send_system_event(msg)
Start polling only when the user wants background processing, and stop or avoid it if the result is no longer needed.
The skill may spend extra processing time or account quota and may generate edited clips with AI-written promotional text.
The default recommended workflow renders clips and adds AI-generated hook text rather than only returning raw moment-search results.
**Use the `--export` and `--ai-hook` flags by default.** This ensures you receive downloadable links ... and the moments include attention-grabbing AI-generated text hooks.
If you only need timestamps or raw analysis, ask the agent to skip export and AI-hook generation.