remotion-to-framevideo

Warn

Audited by Socket on Jun 14, 2026

1 alert found:

Anomaly
AnomalyLOW
assets/test-corpus/run.sh

This file does not itself implement overt malware behavior (no credentials, no exfiltration, no backdoor logic, no obfuscation). However, it is a high-impact execution harness: it runs fixture-local scripts (setup.sh/validate.sh) and performs npm-based dependency installation and rendering via npx/node/local CLI. If fixtures or dependencies are compromised or not strictly pinned/verified, this orchestrator will execute attacker-controlled code during rendering/validation. Treat it as a sensitive pipeline component requiring strong trust controls for fixture contents and dependency provenance.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 14, 2026, 12:14 PM
Package URL
pkg:socket/skills-sh/chanjing-ai%2Fframevideo%2Fremotion-to-framevideo%2F@f5d80962d3319d4f1304e4575a52aa81ea4a640c9acbc52e14c8c5f7a57fc660
Security Audit — socket — remotion-to-framevideo