Video Generator
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a plausible Remotion video workflow, but its default instructions open a public preview tunnel and start a background server, so it needs review before use.
Use this skill only if you are comfortable with the agent running npm setup commands, using a Firecrawl API key for brand scraping, and opening a public preview URL. Ask it to get confirmation before starting the tunnel and to stop the background server/tunnel when you are done.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated project preview could remain reachable from the internet longer than the user expects.
The default workflow starts a long-running local server and exposes it publicly. That is disclosed and related to previewing videos, but the artifact does not show an explicit approval, access-control, lifetime, or stop/cleanup boundary before opening the tunnel.
**Start Remotion Studio** as a background process: `cd output/<project-name> && npm run dev` ... **Expose via Cloudflare tunnel** so user can access it: `bash skills/cloudflare-tunnel/scripts/tunnel.sh start 3000`
Require user confirmation before starting any public tunnel, show what will be exposed, and provide/execute a clear stop command when the preview is finished.
The agent may download and run current npm package code or helper scripts that were not included in the reviewed artifact set.
The skill relies on unpinned/latest npm setup and shell helper scripts while the supplied package is instruction-only. These actions are expected for a Remotion workflow, but users should notice the external code/provenance dependency.
`cd output && npx --yes create-video@latest my-video --template blank` ... `npm install` ... `bash scripts/firecrawl.sh "https://example.com"`
Pin package versions where possible, review helper scripts before execution, and document required binaries/scripts in the install metadata.
Your Firecrawl account quota or billing could be used when generating product or company videos.
The skill asks for a Firecrawl API key for product/company scraping, while the registry metadata declares no primary credential or required environment variables. The use is purpose-aligned, but it is under-disclosed in metadata.
API Key: Set `FIRECRAWL_API_KEY` in `.env` (see TOOLS.md).
Use a limited Firecrawl key, set it only when needed, and update the skill metadata to declare the optional/conditional credential.