Edu Video Generator

PassAudited by ClawScan on May 10, 2026.

Overview

This skill appears purpose-aligned for generating Remotion educational videos, with some normal but important local setup and rendering commands users should run only in trusted projects.

This appears safe to use as a Remotion educational video template. Before installing or running it, review npm package versions, run commands in a project directory you trust, and be cautious with troubleshooting commands or the render script’s disabled Chromium web security setting.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing or scaffolding a project will download and run code from npm, so the actual package code depends on the npm registry state at install time.

Why it was flagged

The setup guide asks users to fetch and run the latest npm scaffolding package. This is a normal Remotion project setup pattern, but @latest means the executed package version is not pinned in the artifact.

Skill content

npx create-video@latest my-video --template=blank

Recommendation

Run setup commands only in a trusted development environment, and consider pinning package versions if reproducibility or supply-chain control is important.

Low

#ASI02: Tool Misuse and Exploitation

What this means

If run carelessly, these troubleshooting commands could stop unrelated processes or change local system networking settings.

Why it was flagged

The troubleshooting documentation includes user-directed commands that can terminate processes or modify local network interface configuration. They are relevant to Remotion/Chrome rendering issues, but should not be executed automatically.

Skill content

pkill -f chrome-headless ... ip -6 addr add ::1/128 dev lo ... kill -9 <PID>

Recommendation

Review each troubleshooting command before running it, verify the targeted process or interface, and avoid privileged commands unless necessary.

Low

#ASI02: Tool Misuse and Exploitation

What this means

A malicious or untrusted video composition or asset could have fewer browser security restrictions while being rendered.

Why it was flagged

The render script configures Chromium with web security disabled during Remotion rendering. This can be useful for local rendering edge cases, but it weakens browser same-origin protections for rendered project content.

Skill content

chromiumOptions: {
      disableWebSecurity: true,
    }

Recommendation

Use this renderer only with trusted project code and assets; remove `disableWebSecurity: true` unless the project specifically requires it.