Remotion

Security checks across malware telemetry and agentic risk

Overview

This is a Remotion reference skill made of documentation and examples, with only normal cautions around package installs and remote media URLs.

Reasonable to install as Remotion documentation. Before copying examples, review any package-manager changes, use trusted package names, and prefer local or trusted remote assets because remote media and fetch examples can make network requests during preview or render.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The documentation explicitly encourages loading remote images by URL but does not warn that rendering will cause outbound network requests to third-party hosts. In a video-rendering context, this can leak IP address, timing, environment metadata, and create privacy, availability, or reproducibility issues if untrusted or unstable remote assets are used.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal