Shellbot Product Video

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Remotion product-video skill; one server-rendering example needs normal production hardening if reused.

Safe to install for Remotion product-video work. Treat bundled server and cloud rendering snippets as examples, not production-ready services, and avoid exposing render endpoints publicly without access control and resource limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The Express example exposes a /render endpoint that accepts arbitrary user-supplied compositionId and props, then performs potentially expensive server-side rendering and returns the media buffer directly. Without authentication, authorization, input validation, rate limiting, and resource controls, this pattern can enable abuse such as denial of service, excessive compute consumption, and unintended rendering of internal compositions or unsafe inputs.

VirusTotal

64/64 vendors flagged this skill as clean.
