Cut a 9:16 vertical clip from any prior video job (find_clips, summarize, or video transcribe), suitable for direct upload to TikTok, Instagram Reels, or YouTube Shorts. Default output is 1080×1920 H.264 / AAC .mp4 with center-cropped framing; audio loudness-normalized to -14 LUFS / -1.5 dBTP for...
Risk signalsHigh parameter count (16 properties)
Part of the Weftly server.
Free to start. No card required.
AI agents call extract_vertical_clip to retrieve information from Weftly without modifying any data. This is common in research, monitoring, and reporting workflows where the agent needs context before taking action. Because read operations don't change state, they are generally safe to allow without restrictions -- but you may still want rate limits to control API costs.
Even though extract_vertical_clip only reads data, uncontrolled read access can leak sensitive information or rack up API costs. An agent caught in a retry loop could make thousands of calls per minute. A rate limit gives you a safety net without blocking legitimate use.
Read-only tools are safe to allow by default. No rate limit needed unless you want to control costs.
{
"version": "1",
"default": "deny",
"tools": {
"extract_vertical_clip": {}
}
}See the full Weftly policy for all 11 tools.
These attack patterns abuse exactly the kind of access extract_vertical_clip gives an agent. Each links to the full case and the policy that stops it:
Other read tools across the catalogue. The same approach applies to each: allow, with a rate cap to control cost.
Cut a 9:16 vertical clip from any prior video job (find_clips, summarize, or video transcribe), suitable for direct upload to TikTok, Instagram Reels, or YouTube Shorts. Default output is 1080×1920 H.264 / AAC .mp4 with center-cropped framing; audio loudness-normalized to -14 LUFS / -1.5 dBTP for short-form social. Single-segment only; clip duration must be between 1 and 90 seconds (Instagram Reels max). Operates on a parent job — possessing the parent source_job_id is the capability, no upload step. Two-call flow: (1) call with source_job_id + start + end (in source seconds) to receive {job_id, payment_challenge}; (2) pay via MPP and call with job_id + payment_credential to start processing. Poll get_job_status(job_id) for completion; output is role clip-vertical-video (the .mp4). Flat price: $0.50 per clip. Payment: pay by credit card via the Stripe Checkout link (open the returned payment_url in any browser) or Tempo USDC via mppx. Optional profile parameter selects the encoding profile (default tiktok-primary). Allowed values: tiktok-primary (1080×1920, fast preset, CRF 22), tiktok-primary-720p (720×1280, CBR 3 Mbps — half-resolution mobile-optimized, ~40% faster wall time), instagram-reels (1080×1920, slow preset, CBR 4 Mbps), instagram-stories (same encode shape as instagram-reels). All four profiles loudness-normalize identically. Optional subject parameter controls reframing (default center, preserves today's behavior): auto locks onto the longest-tracked face from the parent's subjects-sidecar (or runs inline detection if the parent has none); subject_id (with subject_id param naming a face_N from the sidecar) locks onto a specific subject; follow switches crop between active speakers across the clip using the sidecar's active_speaker_timeline; manual accepts caller-supplied framing via subject_box: {x, y, w, h} (source pixels) or subject_x_offset (direct crop x). Sidecar shape at /.well-known/weftly-subjects-v1.schema.json. auto/subject_id/follow fall back to center if detection or sidecar resolution fails — the paid job always delivers a clip. Source must be a horizontal video (wider than 9:16) — already-vertical or square sources are rejected. Source must still be in storage (72h TTL for find_clips parents, 24h elsewhere — check expires_at from get_job_status on the parent). Pair with find_clips ($2.00/video) to pick a moment first, then call this to get a download-ready vertical mp4 in under 5 minutes. Multiple extract_vertical_clip calls against one parent are independent paid jobs. Failed jobs auto-refund.. It is categorised as a Read tool in the Weftly MCP Server, which means it retrieves data without modifying state.
Register the Weftly MCP server in PolicyLayer and add a rule for extract_vertical_clip: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Weftly. Nothing to install.
extract_vertical_clip is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the extract_vertical_clip rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for extract_vertical_clip. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
extract_vertical_clip is provided by the Weftly MCP server (https://api.weftly.ai/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 11 Weftly tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.