ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Remotion Best Practices

v1.0.0

Best practices for Remotion - Video creation in React

10· 6.9k·84 current·87 all-time
by@am-will
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Remotion best practices) matches the content: many markdown rules and example TSX components covering Remotion, Three.js, Mediabunny, fonts, captions, etc. Required env vars/binaries/config paths are none — consistent for a documentation skill. Example mentions of packages (e.g., @remotion/three, @remotion/media, mediabunny) are expected for Remotion guidance.
Instruction Scope
SKILL.md simply points to the rule files and instructs the agent to use the rules when dealing with Remotion code — appropriate for a guidance skill. The rule files include code examples that call fetch() and reference remote URLs (e.g., remotion.media, api.example.com) and Mediabunny APIs; these are example usage patterns, not instructions for the skill agent to exfiltrate data. Note: some examples include nonstandard/odd syntax (e.g., 'using input = new Input', 'using videoSample of ...') which appears to be pseudo/resource-management notation rather than executable JS/TS and should be reviewed before copy-paste into real projects.
Install Mechanism
No install spec — instruction-only skill. This minimizes installation risk; the files are plain markdown and example code. The skill does not download or extract remote archives or create binaries.
Credentials
The skill declares no required environment variables, credentials, or config paths. The content references installing typical Remotion/npm packages, but does not request unrelated secrets or credentials.
Persistence & Privilege
always:false and no special privileges requested. The skill does not modify other skills or system settings; autonomous model invocation is allowed (default) but not combined with other concerning behaviors.
Assessment
This skill is documentation and example code for Remotion and appears coherent with its stated purpose. Before using the code: 1) review and test the TSX examples (some snippets use nonstandard 'using' notation or pseudo-code that may need edits), 2) be aware examples show network fetches and remote URLs — only fetch from trusted endpoints, and sanitize any user-supplied URLs, and 3) when you install the npm packages the examples reference, prefer official package names on the registry and inspect package versions. No credentials or system changes are required by the skill itself, but always review example code before running it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk970jxtx6f3088mahazvzt9f817zm5vy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments