AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack is confirmed, but the package is a user-invoked Claude automation launcher that installs agent skills and runs remote npm packages. The residual risk is agent-extension lifecycle/capability exposure rather than malware.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs prompt2video build or prompt2video install.
Impact
Claude may write project files, run shell commands, fetch web content, and generate/copy video artifacts under user-selected paths.
Mechanism
CLI scaffolds Remotion project, adds Claude skills, then launches Claude with broad tools.
Policy narrative
When build is explicitly invoked, the tool creates a temporary Remotion project, installs Remotion/Claude-related tooling via npx, copies its bundled prompt2video Claude skill into the generated project's .claude directory, and starts the local claude CLI with Bash, Read, Write, and WebFetch available. The behavior is documented and package-aligned, but it creates a real agent-control surface with broad capabilities.
Rationale
Source inspection shows no lifecycle hook, import-time execution, credential harvesting, exfiltration, persistence, or unconsented mutation of a foreign agent surface. Because the package explicitly sets up Claude skills and launches an agent with broad tools, it should be warned as agent extension lifecycle risk rather than blocked as malicious.
Evidence
package.jsondist/cli.jsdist/commands/build.jsdist/commands/install.jsskills/prompt2video/SKILL.mdREADME.md/tmp/prompt2video_<timestamp>.claude/skills/prompt2videoout/video.claude_events.jsonlout/video.mp4out/slides.pdf<outputDir>/prompt2video_<timestamp>_video.mp4<outputDir>/prompt2video_<timestamp>_slides.pdf<agents-folder>/skills/prompt2video
Network endpoints6
npx create-video@latestnpx skills add remotion-dev/skillsnpx claude_stream_viewer@latestgithub.com/jeromeetienne/prompt2videoclaude.com/claude-codewww.remotion.dev/
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- dist/commands/build.js user-invoked build spawns claude with Bash,Read,Write,WebFetch and permission-mode auto.
- dist/commands/build.js runs npx create-video@latest, npx skills add remotion-dev/skills, and npx claude_stream_viewer@latest at runtime.
- dist/commands/build.js copies bundled skill into generated project .claude/skills/prompt2video.
- dist/commands/install.js can copy bundled skills into an explicit agents-folder/skills target.
Evidence against
- package.json has no npm lifecycle hooks, only bin/main dist/cli.js.
- dist/cli.js exposes build and install as explicit CLI commands; no import-time execution beyond parsing CLI args.
- README.md documents Remotion scaffolding, Claude execution, skill copying, and skill-only install behavior.
- skills/prompt2video/SKILL.md is package-aligned video generation guidance, not credential harvesting or reviewer manipulation.
- No code reads secrets, enumerates home files, installs persistence, or exfiltrates data to a package endpoint.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcedist/commands/build.jsView file
1import ChildProcess from 'node:child_process';
L2: import Fs from 'node:fs';
High
Child Process
Package source references child process execution.
dist/commands/build.jsView on unpkg · L11import ChildProcess from 'node:child_process';
L2: import Fs from 'node:fs';
...
L14: console.error('Error: no user prompt provided on stdin.');
L15: console.error('Usage: echo "my prompt" | npx tsx prompt2video.ts build');
L16: process.exit(1);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/commands/build.jsView on unpkg · L1Findings
3 High2 Low
HighChild Processdist/commands/build.js
HighShell
HighRuntime Package Installdist/commands/build.js
LowScripts Present
LowFilesystem