Is remotion safe?

https://clawhub.ai/am-will/remotion

95
SAFE

This skill is a clean, documentation-only best-practices reference for the Remotion video framework. It contains 30 markdown rule files with React/TypeScript code examples, 3 TSX example components, and an empty package.json. No prompt injection, data exfiltration, code execution risks, or suspicious clone behavior were detected. The skill poses negligible security risk.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (5)

LOW Mild behavioral directive in SKILL.md -5

SKILL.md contains a soft directive telling the agent when to activate the skill. This is standard skill activation language and poses no security risk.

INFO External URLs in code examples only -3

External URLs appear only within code example blocks as illustrative src attributes. No instructions to fetch, exfiltrate, or access sensitive data.

LOW TSX example files and package install commands -10

The skill includes .tsx example files and bash commands for installing Remotion sub-packages. All are standard documentation patterns. No auto-execution mechanisms exist. Package.json is empty (no install hooks).

INFO Clean installation profile 0

No network activity, no process spawning, no filesystem modifications outside the skill directory. All filesystem events are standard OS/platform operations.

INFO Pure documentation skill with no attack surface -8

This is a straightforward best-practices reference for the Remotion video framework. It provides no mechanism for an attacker to exfiltrate data, escalate privileges, or manipulate agent behavior beyond normal documentation consumption.