Skill v1.0.0
ClawScan security
Remotion Video Skill (ModelWise) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 6:56 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its Remotion/video authoring purpose — files, instructions, and lack of requested credentials match the description — but automated scanners found suspicious prompt-injection markers in the shipped docs, so inspect before running on a sensitive system.
- Guidance: This skill appears to be what it claims: a Remotion-based set of components and templates. Before installing or running anything:
  1. Inspect package.json for preinstall/postinstall scripts or commands that download and execute remote artifacts.
  2. Open SKILL.md and task.md in a text editor that can show invisible characters to verify there are no embedded/base64 or control-character payloads.
  3. If you plan to run npm install or render, do so in an isolated/sandbox environment (container or VM) rather than on a machine with sensitive keys or data.
  4. If you need extra assurance, run a malware scan on the repository and review any network calls in source files for unexpected remote endpoints.
  If you want, I can parse package.json and task.md for lifecycle scripts and suspicious patterns — provide those files and I will analyze them.
- Findings
  - [prompt-injection-base64-block] unexpected: A base64-block pattern was flagged in SKILL.md / the bundled documentation. Base64 content is not expected in a simple usage/instructions doc; it could be a false positive (large build assets sometimes contain base64) or an embedded encoded payload. Inspect SKILL.md, task.md, and any docs for embedded base64 sections, and decode any you find, before running tooling.
  - [unicode-control-chars] unexpected: Unicode control characters were flagged. Characters such as bidirectional overrides (e.g. U+202E) and zero-width characters can hide text or reorder what a reviewer sees (spoofing) while a parser or model reads the underlying bytes. The visible SKILL.md provided looks normal, but check for invisible control characters in the docs (task.md, examples) or comments that might try to manipulate parsers or reviewers.
Review Dimensions
- Purpose & Capability [ok]: Name/description describe a Remotion-based animation/video template library, and the repository contains Remotion/React/TypeScript source, built bundles, templates, and examples. No unrelated credentials, binaries, or config paths are requested; the requested capabilities align with the stated purpose.
- Instruction Scope [note]: SKILL.md instructions are limited and appropriate (npm install, npm run studio, npx remotion render ...). The README and development notes do not instruct the agent to read unrelated system files or exfiltrate data. However, an automated pre-scan detected prompt-injection patterns (a base64 block and Unicode control characters) inside the skill files; while the SKILL.md shown appears normal, inspect SKILL.md, the large task.md, and the other docs for hidden/encoded content or invisible control characters before running.
- Install Mechanism [note]: The skill bundle provides no installer spec (instruction-only in the registry), but the project ships a package.json and package-lock.json and the instructions advise running npm install. npm install executes lifecycle scripts (preinstall/install/postinstall, plus prepare for the root package) if present, both in the skill's own package.json and in any dependency that declares them. This is typical for JS projects but worth checking: review package.json for postinstall scripts or remote-download commands before running npm install in a sensitive environment, and consider npm install --ignore-scripts for a first look (it skips dependencies' scripts too, so packages with native builds may not work until you install normally in a sandbox).
- Credentials [ok]: The skill declares no required environment variables, no primary credential, and requests no config paths. That is proportionate for a local Remotion video template library.
- Persistence & Privilege [ok]: The skill does not request always:true and is user-invocable only. There is no indication it modifies other skills or system-wide agent settings. It appears to be a normal project repository with no elevated platform privileges.
