Back to skill

Security audit

Remotion Best Practices

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Remotion helper with expected project setup and optional AWS Lambda rendering guidance; the main caution is handling AWS credentials safely.

Safe to install as Remotion guidance. Before using Lambda rendering, use least-privilege AWS credentials or temporary/profile-based auth, review the AWS resources and costs it may create, and avoid putting secrets in committed files, logs, or shared shell history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to set long-lived AWS credentials directly as environment variables but does not include any warning about secure handling, least privilege, rotation, or avoiding committing secrets to shell history and source files. While environment variables are a common mechanism, presenting them without safety guidance can lead users to expose privileged AWS keys in insecure local setups, CI logs, or shared environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.