Remotion Server
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running setup can make persistent system package changes on the machine.
The setup script may use sudo to install Linux browser dependencies. This is disclosed and purpose-aligned for headless rendering, but it modifies system-level packages.
if command -v sudo &> /dev/null; then
SUDO="sudo"
...
$SUDO apt-get update
...
$SUDO apt-get install -y \
Run the setup only on a Linux system you administer, and review the listed packages before approving sudo prompts.
The generated project depends on packages fetched from the npm ecosystem when the script is run.
Project creation downloads dependencies from npm at runtime. This is expected for a Remotion scaffolding tool, but the artifact does not include a lockfile or fixed package versions in the command.
npm install --save-exact remotion @remotion/cli @remotion/tailwind > /dev/null 2>&1
npm install -D typescript @types/react tailwindcss > /dev/null 2>&1
Use this in a trusted project directory, review the generated package files, and consider pinning versions or using a lockfile for reproducible builds.
