remotion-to-hyperframes

Warn

Audited by Socket on Jun 14, 2026

1 alert found:

Anomaly
AnomalyLOW
assets/test-corpus/run.sh

No explicit malicious behavior (exfiltration, backdoor indicators, hardcoded credentials, obvious obfuscated payloads) is present in this Bash orchestrator file. However, it substantially increases supply-chain and host-execution exposure by (1) executing fixture-provided setup.sh and validate.sh with no sandboxing and (2) performing runtime npm install inside fixture directories without visible pinning/integrity controls. Treat fixtures and dependency provenance as high trust or add sandboxing, pinning, and integrity verification to reduce risk.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 14, 2026, 06:41 AM
Package URL
pkg:socket/skills-sh/frankxai%2Fclaude-skills-library%2Fremotion-to-hyperframes%2F@ee04c5eca6113d5a3a8aeee9e78792451da57f06450bd034486950142ee05766
Security Audit — socket — remotion-to-hyperframes