remotion-render
Audited by Socket on Mar 4, 2026
1 alert found:
Malware

Functionally, the skill is coherent with its stated purpose: it sends user-provided Remotion/TSX code to the inference.sh rendering service and returns a video. The primary security concerns are supply-chain and data-exposure risks: (1) the README recommends a curl|sh installer (download-and-execute), which is a high-risk pattern; (2) users must log in to a third-party service and upload source code and props, so any sensitive data embedded in code or props may be exposed to the remote service; (3) suggested transitive installs via npx create a further supply-chain/trust chain. I found no evidence of deliberate obfuscation or embedded malicious payloads in the documentation itself, but the installation and runtime model relies on trusting an external binary and service. For safe use: avoid piping unknown scripts to shell, review the installer contents and binary checksums manually, avoid uploading secrets or private assets, and review any transitive skill repositories before installing.