URL to Video Generator
PassAudited by ClawScan on May 12, 2026.
Overview
This skill appears aligned with generating promotional videos from websites, but it will fetch URLs, run local build commands, install packages, and download media as part of that workflow.
Before installing or using it, confirm you are comfortable letting it fetch the target website, install npm dependencies, download background music, and create/render a local Remotion project. Avoid private URLs or confidential website content unless that processing is intended.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a private or internal URL, the skill may read content from that location while preparing the video.
The helper accepts a user-supplied URL and fetches it to extract colors. This is expected for a website-to-video tool, but it means the skill can make network requests to whatever URL is supplied.
url = sys.argv[1] ... urllib.request.urlopen(req, timeout=15)
Use public, intended website URLs and avoid private/internal addresses unless you explicitly want them processed.
The generated project may install newer compatible package versions and download media from the internet.
The project setup pulls npm packages using semver ranges and downloads a remote MP3. These are normal for this video-generation workflow, but they depend on external package/media sources.
"@remotion/cli": "^4.0.0", "react": "^18.2.0", ... curl -L -o audio/bgm.mp3 "https://cdn.pixabay.com/download/audio/..."
Run npm installs in a normal project directory, review package.json, and consider using a lockfile or pinned versions if reproducibility matters.
A malformed brand name could break the generated project scripts or cause unintended shell behavior when npm scripts are run.
The helper generates an npm build script that later executes Remotion using the provided brand name. Local code execution is expected for rendering, but the brand should be treated as a safe slug.
BRAND=$1 ... "build": "remotion render src/index.tsx ${BRAND}-promo out/video.mp4" ... echo " 5. npm run build"Use simple alphanumeric brand slugs such as 'acme' or 'mybrand', and review the generated package.json before running npm scripts.