Trust Assessment
remotion received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include Missing required field: name, Broad Bash tool access enables command injection, Unpinned npm dependencies in installation examples.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad Bash tool access enables command injection The skill declares `Bash` as an allowed tool in its manifest. While necessary for the skill's described functionality (e.g., running `npm`, `npx` commands), this permission allows the agent to execute arbitrary shell commands. If the agent constructs `bash` commands using untrusted user input (e.g., for project names, file paths, or render options as shown in the examples), it creates a direct path for command injection. The skill's examples demonstrate commands like `npx create-video@latest my-video` and `npx remotion render ... out/video.mp4` which are susceptible to injection if `my-video` or `out/video.mp4` were user-controlled. Implement robust input sanitization and validation for all user-provided data used in `bash` commands. Prefer using tool-specific APIs or libraries that handle escaping over direct shell execution when possible. If direct shell execution is unavoidable, ensure all user inputs are properly quoted and escaped (e.g., using `shlex.quote` in Python). | LLM | Manifest | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave-media/skills/remotion/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependencies in installation examples The skill's workflow examples include `npm install remotion @remotion/cli @remotion/bundler`. These commands do not specify exact versions for the packages, which can lead to non-deterministic builds and introduce vulnerabilities if a package maintainer pushes a malicious update or if a dependency is compromised. While `npx create-video@latest` uses `@latest`, this also carries risk as a malicious `latest` version could be published. Recommend pinning exact versions for all npm dependencies (e.g., `npm install remotion@x.y.z`). For `npx` commands, consider using a specific version instead of `@latest` if stability and security are paramount, or ensure a robust review process for new versions. | LLM | SKILL.md:35 | |
| MEDIUM | Addition of external skills from unverified source The skill suggests installing "Remotion's official agent skills" via `npx skills add remotion-dev/skills`. While described as "official", adding external skills from a remote source introduces a supply chain risk. If the `remotion-dev/skills` repository or its hosting platform were compromised, malicious code could be injected into the agent's capabilities. Advise caution when adding external skills. Implement a verification process for external skill sources, such as code review, scanning, or sandboxing. Consider hosting critical skills internally or from trusted, immutable sources. | LLM | SKILL.md:180 |
Scan History
Embed Code
[](https://skillshield.io/report/35d80b74879dc0e5)
Powered by SkillShield