Remotion Server
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for creating and rendering Remotion video projects, with user-directed setup that installs normal system and npm dependencies.
This skill appears safe for its stated purpose. Before installing, be prepared for a one-time Linux dependency setup that may require sudo and for project creation to download npm packages. Review generated video content before publishing, as the skill itself recommends.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running setup can make persistent system package changes on the machine.
The setup script may use sudo to install Linux browser dependencies. This is disclosed and purpose-aligned for headless rendering, but it modifies system-level packages.
if command -v sudo &> /dev/null; then
SUDO="sudo"
...
$SUDO apt-get update
...
$SUDO apt-get install -y \Run the setup only on a Linux system you administer, and review the listed packages before approving sudo prompts.
The generated project depends on packages fetched from the npm ecosystem when the script is run.
Project creation downloads dependencies from npm at runtime. This is expected for a Remotion scaffolding tool, but the artifact does not include a lockfile or fixed package versions in the command.
npm install --save-exact remotion @remotion/cli @remotion/tailwind > /dev/null 2>&1 npm install -D typescript @types/react tailwindcss > /dev/null 2>&1
Use this in a trusted project directory, review the generated package files, and consider pinning versions or using a lockfile for reproducible builds.