Remotion
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a Remotion help/reference skill; the only noteworthy items are user-directed package-install and remote-fetch examples that should be used deliberately.
This skill is reasonable to use as Remotion documentation. Before copying examples, run package-install commands only when needed, review dependency changes, and keep remote URLs or media sources trusted.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user runs these examples, their project dependencies may change and package-manager code may be installed or executed.
The documentation recommends user-run package-manager commands to add Remotion dependencies. This is expected for a Remotion guide, but it can install third-party packages and modify project dependency files.
npx remotion add @remotion/three # If project uses npm
Run these commands only in the intended project, verify package names, and review package.json and lockfile changes afterward.
Copied code could make network requests during rendering and may depend on remote data controlled by the provided URL.
The guide includes an example where generated Remotion code fetches a URL supplied through props. External data fetching is purpose-aligned, but users should avoid copying it with untrusted or overly broad URL inputs.
const response = await fetch(props.dataUrl, {signal: abortSignal});
Use trusted, validated URLs and avoid passing secrets or sensitive data through render props or URLs.
