skills/family3253/skill/remotion-skill/Socket

remotion-skill

Warn

Audited by Socket on Mar 15, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

该技能目的与能力总体一致：围绕 Remotion 模板复用、代码生成和 GIF 渲染展开，未见越权读取敏感凭据或异常外传数据流。但其核心风险在于自动从个人 GitHub 仓库拉取代码并执行 npm install，且与“已内置环境”表述不一致，发布与校验链不足，属于供应链信任问题。整体更适合判定为 SUSPICIOUS 而非 MALICIOUS。

Confidence: 89%Severity: 68%

Audit Metadata

Analyzed At

Mar 15, 2026, 08:21 AM

Package URL

pkg:socket/skills-sh/family3253%2Fskill%2Fremotion-skill%2F@f41eb7fd8e20a96b6694fd0ce13cdab0ab8f8744