Remotion
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user runs these examples, their project dependencies may change and package-manager code may be installed or executed.
The documentation recommends user-run package-manager commands to add Remotion dependencies. This is expected for a Remotion guide, but it can install third-party packages and modify project dependency files.
npx remotion add @remotion/three # If project uses npm
Run these commands only in the intended project, verify package names, and review package.json and lockfile changes afterward.
Copied code could make network requests during rendering and may depend on remote data controlled by the provided URL.
The guide includes an example where generated Remotion code fetches a URL supplied through props. External data fetching is purpose-aligned, but users should avoid copying it with untrusted or overly broad URL inputs.
const response = await fetch(props.dataUrl, {signal: abortSignal});
Use trusted, validated URLs and avoid passing secrets or sensitive data through render props or URLs.
