Back to skill

Security audit

Remotion Best Practices

Security checks across malware telemetry and agentic risk

Overview

This is a Remotion documentation skill with relevant examples and no evidence of hidden, destructive, credential-stealing, or persistent behavior.

Install this if you want Remotion-specific coding guidance. Review any generated package-add commands before running them, prefer local or trusted media assets for sensitive projects, and avoid cloud transcription for confidential audio unless you have checked the provider's privacy, retention, consent, and compliance terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
84% confidence
Finding
The guidance explicitly recommends loading remote images directly from external URLs without warning that doing so causes outbound requests to third-party servers during preview or rendering. This can leak IP addresses, request metadata, and timing information, and may introduce reliability or compliance issues if untrusted or user-specific URLs are used.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill recommends a cloud-based transcription option using the OpenAI Whisper API but does not warn that audio content will be transmitted to an external third-party service. This can lead users to upload sensitive, proprietary, or regulated audio without understanding the privacy, retention, or compliance implications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.