Remotion Video Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's behavior mostly matches its stated purpose (video generation), but it needs review because its brand-scraping helper can execute injected code from a crafted URL and its default preview workflow exposes a local server through a public tunnel.
Use this skill only in a sandboxed workspace until the scraping helper is fixed. Avoid passing untrusted or unusual URLs, review any Cloudflare tunnel dependency before running it, approve public preview sharing explicitly, and stop the dev server and tunnel when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed website URL could cause commands to run on the user's machine under the agent's permissions.
The user-controlled URL is inserted directly into Python code inside a quoted python3 -c string. A URL containing a single quote and Python statements could break out of the string and execute local code when the helper runs.
URL="${1:-https://example.com}" ... python3 -c " ... url = '$URL' ..."
Rewrite the helper to pass the URL as an argument or environment variable to Python, validate allowed URL schemes, and avoid constructing executable code with unescaped user input.
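A hardened form of the helper, written here as an added example rather than the skill's own script: the shell validates the scheme, then hands the URL to a fixed Python program as sys.argv[1] instead of splicing it into the python3 -c source. The function names validate_url and scrape_host, and the hostname-printing body, are assumptions standing in for whatever the real scraper does.

```shell
#!/bin/sh
# Added example, not the skill's code: a brand-scraping wrapper that treats
# the URL strictly as data. POSIX sh so it runs under sh or bash.
set -eu

# Return 0 only for http(s) URLs with no control characters (newlines, etc.).
validate_url() {
  url="$1"
  case "$url" in
    http://*|https://*) ;;          # allowed schemes
    *) return 1 ;;                  # file:, data:, javascript:, ... rejected
  esac
  case "$url" in
    *[[:cntrl:]]*) return 1 ;;      # control bytes never belong in a URL
  esac
  return 0
}

# Print the hostname of the URL. The Python source is a fixed, single-quoted
# string; the URL arrives via argv, so a quote in it cannot become code.
scrape_host() {
  url="${1:-https://example.com}"
  validate_url "$url" || { echo "refusing URL: $url" >&2; return 1; }
  python3 -c '
import sys
from urllib.parse import urlsplit
url = sys.argv[1]            # data only, never interpolated into source
print(urlsplit(url).hostname or "")
' "$url"
}
```

Calling scrape_host with a URL that contains a single quote now yields its hostname instead of a broken or hijacked Python program.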
The agent may run unreviewed code from another skill to create a public tunnel, making the actual networking and cleanup behavior unclear.
The default workflow invokes a helper script from a separate cloudflare-tunnel skill that is not included in this skill's manifest or file contents, so its behavior is not reviewable here even though it is part of the default workflow.
Expose via Cloudflare tunnel so user can access: bash skills/cloudflare-tunnel/scripts/tunnel.sh start 3000
Include the referenced helper in the reviewed package, declare the dependency explicitly, or require the user to approve and inspect that separate skill before running it.
Video project files, local preview content, or development server functionality may be reachable by anyone with the public tunnel URL while it is active.
The workflow publishes a local Remotion Studio server through an external public tunnel, but the provided artifacts do not define access controls, authentication, allowed data exposure, or tunnel shutdown behavior.
Expose via Cloudflare tunnel so user can access ... Send the user the public URL (e.g. `https://xxx.trycloudflare.com`)
Ask for explicit user approval before opening a tunnel, limit what the server exposes, use authentication if available, and provide a clear command to stop the server and tunnel after preview.
The preview server may keep running after the user is done, consuming resources or remaining accessible if paired with a tunnel.
A background dev server is purpose-aligned for live video preview, but it is a long-running process and the provided excerpt does not show explicit lifecycle or cleanup instructions.
Start Remotion Studio as a background process: cd output/<project-name> && npm run dev
Document when the background server starts, how long it should run, and exactly how the user or agent should stop it.
