Remotion To Hyperframes

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform the stated Remotion-to-HyperFrames conversion, but it needs review because its validation flow can run project code and its generated examples load third-party scripts.

Use this skill only in a disposable checkout or sandbox, especially for projects you did not author. Review package scripts and setup.sh before validation, keep secrets out of the render environment, and prefer vendored or pinned local browser dependencies over CDN script tags.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The file loads executable JavaScript from a third-party CDN at runtime, which creates a supply-chain and external dependency risk: if the CDN, path, or delivered asset is compromised, arbitrary code will execute in the composition context. In this skill's context, translating a Remotion composition to HyperFrames does not inherently require fetching code from the public internet, so the external script dependency increases risk beyond the stated purpose.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The documentation instructs users to load `lottie.min.js` from a third-party CDN at runtime. That introduces unnecessary remote code execution and supply-chain risk into a translation skill whose purpose is code conversion, not fetching unpinned external dependencies; if the CDN content changes, is compromised, or is blocked, generated compositions may execute untrusted code or fail unpredictably.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The alternative DotLottie guidance loads `@lottiefiles/dotlottie-web` from unpkg, again adding a remote executable dependency unrelated to the core translation task. This expands the attack surface and makes generated output dependent on third-party network availability and integrity, which is especially risky in automation-oriented skills that users may trust and copy verbatim.

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The HTML loads GSAP from a third-party CDN at runtime without any disclosure, pinning safeguards such as Subresource Integrity, or evidence of a controlled trust boundary. While common in demos, this creates a supply-chain and availability risk: if the CDN asset is modified, blocked, or replaced in transit, the composition executes untrusted code in the page context.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The code sends user-provided text to an external API as part of `calculateMetadata`, which can expose potentially sensitive input to a third party without any visible notice, consent, minimization, or data handling controls. In this skill context, the risk is more significant because metadata resolution happens automatically during translation/render preparation, so users may not expect their composition props to be transmitted off-box just to compute duration.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The document instructs the skill to create or modify `TRANSLATION_NOTES.md` as part of translation behavior without clearly requiring user consent for file writes. In an agent setting, implicit file modification can violate user expectations, cause unintended workspace changes, and be abused to persist misleading or unwanted content beyond the primary requested output.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The example embeds a third-party CDN script without any warning that users are executing remote code in their composition. Even if intended as convenience documentation, omission of that warning can mislead users into trusting copy-pasted code, increasing the chance of accidental exposure to supply-chain compromise or policy violations.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The DotLottie example similarly references unpkg without disclosing that it pulls executable code from a third party at runtime. In a skill that provides migration guidance, that omission normalizes insecure defaults and may cause users to deploy remote script dependencies unintentionally.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation instructs translators to emit arbitrary external <iframe> sources without warning about the security and privacy implications of loading third-party content. In this skill context, that can cause generated compositions to embed untrusted remote pages during rendering, potentially triggering network access, data leakage, tracking, nondeterministic renders, or unexpected browser behavior in the render environment.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal