remotion-server
Audited by Socket on Feb 24, 2026
1 alert found:
Security [Skill Scanner] [Documentation context]: Installation of third-party script detected

Overall, the fragment is coherent with its stated purpose of provisioning a headless Remotion server workflow. It relies on standard, legitimate mechanisms (local scripts, npm/pnpm/yarn tooling) and uses sample data to guard privacy. The primary security considerations are canonical supply-chain risks: ensuring dependencies fetched via npx come from official registries, pinning versions where possible, and validating that scripts (setup.sh, create.sh) come from trusted sources. The footprint is proportionate to the stated goal; no credential harvesting, no outbound data exfiltration, and no suspicious endpoints are evident in the fragment.

LLM verification: [LLM Escalated] The provided documentation describes legitimate headless Remotion usage and contains no explicit malicious code or direct data-exfiltration mechanisms in the visible text. Primary security concerns are supply-chain and operational: the referenced local scripts (setup.sh, create.sh) are not included and must be audited before execution, and running unpinned npx remotion allows remote code execution from npm. Recommend: (1) inspect and audit setup.sh and create.sh prior to running (especially with sud