remotion-to-hyperframes

Warn

Audited by Socket on Jun 27, 2026

1 alert found:

Anomaly
AnomalyLOW
assets/test-corpus/run.sh

No explicit malicious behavior (exfiltration, backdoor indicators, hardcoded credentials, obvious obfuscated payloads) is present in this Bash orchestrator file. However, it substantially increases supply-chain and host-execution exposure by (1) executing fixture-provided setup.sh and validate.sh with no sandboxing and (2) performing runtime npm install inside fixture directories without visible pinning/integrity controls. Treat fixtures and dependency provenance as high trust or add sandboxing, pinning, and integrity verification to reduce risk.

Confidence: 63%Severity: 60%
Audit Metadata
Analyzed At
Jun 27, 2026, 11:29 PM
Package URL
pkg:socket/skills-sh/calesthio%2FOpenMontage%2Fremotion-to-hyperframes%2F@bddd2720d403d329750ff75f3dcb31db1161b6fe3e4e26b4758ba17ae3332951
Security Audit — socket — remotion-to-hyperframes