Remotion Server
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: remotion-server Version: 1.2.1 The skill bundle provides a legitimate utility for headless video rendering using the Remotion framework. The included scripts (setup.sh and create.sh) perform standard environment preparation, such as installing necessary Linux shared libraries for Chrome Headless and scaffolding a React-based project with npm dependencies, with no evidence of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running setup can make persistent system package changes on the machine.
The setup script may use sudo to install Linux browser dependencies. This is disclosed and purpose-aligned for headless rendering, but it modifies system-level packages.
if command -v sudo &> /dev/null; then
SUDO="sudo"
...
$SUDO apt-get update
...
$SUDO apt-get install -y \Run the setup only on a Linux system you administer, and review the listed packages before approving sudo prompts.
The generated project depends on packages fetched from the npm ecosystem when the script is run.
Project creation downloads dependencies from npm at runtime. This is expected for a Remotion scaffolding tool, but the artifact does not include a lockfile or fixed package versions in the command.
npm install --save-exact remotion @remotion/cli @remotion/tailwind > /dev/null 2>&1 npm install -D typescript @types/react tailwindcss > /dev/null 2>&1
Use this in a trusted project directory, review the generated package files, and consider pinning versions or using a lockfile for reproducible builds.