Remotion Word Highlight Subtitles
AdvisoryAudited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent will run local command-line tools and rendering workflows on the selected video, which can consume CPU/GPU time and create or overwrite output files if paths are reused.
The skill explicitly instructs the agent to execute local media, Python, and rendering commands. This is central to the stated video-subtitling purpose, but it is still local code/tool execution.
Run Whisper word timestamp transcription... Convert the Whisper JSON... Build or reuse a small Remotion project... Render with Remotion to the output path
Use the skill only on video paths you intend to process, review output paths before rendering, and keep the required local tools updated and trusted.
Security depends partly on the local Whisper, ffmpeg, Node/npm, and Remotion environment used to run the workflow.
The skill relies on preinstalled local tooling and likely Remotion/npm project dependencies, while the registry metadata does not provide a source or homepage. This is not inherently unsafe, but it limits provenance review.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Required binaries: python3, ffmpeg, ffprobe, whisper, node, npm
Install required tools from trusted sources, avoid running the workflow inside untrusted existing npm projects, and review any generated or reused Remotion project dependencies.
Private audio content from the video may remain on disk in JSON caption/transcript files and in copied or rendered video outputs.
The workflow creates persistent transcript and caption files derived from the user's local video/audio content. This is expected for subtitle rendering, but those files may contain sensitive speech or context.
Transcribes a local video with Whisper `word_timestamps`... Converts Whisper's word-level JSON into Remotion-friendly `captions.json`... Writes the rendered video next to the source file.
Process sensitive videos in a controlled folder, delete intermediate Whisper JSON/captions files when no longer needed, and avoid sharing the Remotion project folder unless you intend to share the transcript.