motion-canvas

[Skill Scanner] [Documentation context] Credential file access detected The code fragment is benign and aligned with its stated purpose as documentation and usage guidance for the Motion Canvas library. It does not request credentials, perform network calls, or modify system state beyond illustrating typical API usage. Security risk is low, malware risk is negligible, and obfuscation risk is minimal. LLM verification: [LLM Escalated] The provided file is documentation and example code for Motion Canvas and contains no direct malicious code. The primary security concern is supply‑chain risk: unpinned npm installs and git submodules can pull and execute remote code (including lifecycle scripts) on the developer machine. Treat instructions that fetch code as high‑impact operations—pin versions, audit dependencies and submodule remotes, and perform installs/builds in isolated environments. No evidence in this fragment of credent