Skills, MCP servers, and tools for producing video with Claude Code. Covers programmatic video (Remotion, Manim), screen recording, YouTube clipping, and FFmpeg post-processing.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"claude-code-video-toolkit": {
"args": [
"-y",
"skills"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Skills, MCP servers, and tools for producing video with Claude Code. Covers programmatic video (Remotion, Manim), screen recording, YouTube clipping, and FFmpeg post-processing.
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Five weighted categories — click any category to see the underlying evidence.
yt-dlp: Arbitrary code execution via manifest downloads with aria2c
### Summary If aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code execution. On non-Windows platforms, this can lead to arbitrary code execution upon the next invocation of yt-dlp. ### Details When downloading a fragmented manifest format such as an HLS or DASH strea
yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
### Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as `.desktop`, `.url`, `.webloc`) to the user's filesystem, bypassing the remediation for `CVE-2024-38519`. ### Details The fix for `CVE-2024-38519` enforced an allowlist for file extensions, in order to prevent writing files with unsafe extensions (such as `.exe` or `.sh`) during file downloads. However, this allowlist explicitly included the unsafe extensions `.desktop`, `.ur
yt-dlp: File Downloader cookie leak with curl
### Summary If curl is used an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. This is the equivalent to [GHSA-v8mc-9377-rwjj](<https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj>) for the `curl` downloader. The vulnerable behavior is present in [yt-dlp](https://github.com/yt-dlp/yt-dlp) released since 2023.09.24. ### Details At the file download st
yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
### Summary When yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. ### Impact yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who uses `--netrc-cmd` in their command/configuration or `netrc_cmd` in their Python scripts. Even though the maliciously crafted URL itself will look very suspicious to many users, it would be
yt-dlp File system modification and RCE through improper file-extension sanitization
### Summary `yt-dlp` does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed. ### Patches `yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions. This means some very uncommon extensio
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in entertainment
AI Skills, MCP Tools, and CLI for Unity Engine. Full AI develop and test loop. Use cli for quick setup. Efficient token usage, advanced tools. Any C# method may be turned into a tool by a single line. Works with Claude Code, Gemini, Copilot, Cursor and any other absolutely for free.
Music studio: ABC notation composition and Strudel live coding with ext-apps UI.
YouTube as a queryable database for AI agents. 41 tools, zero config.
The official ElevenLabs MCP server
MCP Security Weekly
Get CVE alerts and security updates for Claude Code Video Toolkit and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Skills, MCP servers, and tools for producing video with Claude Code. Covers programmatic video (Remotion, Manim), screen recording, YouTube clipping, and FFmpeg post-processing.
February 2026
Write React components. Get MP4s. No timeline editor, no After Effects. Claude describes each frame in TypeScript, Remotion renders it.
The official Remotion skill for Claude Code. Went viral in January 2026 — 6M+ views on the launch demo, 25k+ installs in the first week. Teaches Claude how to write correct Remotion code: useCurrentFrame(), interpolate(), spring(), <Sequence>, <Composition>. Without this, Claude tries to use web animation patterns that break during rendering.
| Install | npx skills add remotion |
| Docs | remotion.dev/docs/ai/claude-code |
One command to install. Then just describe what you want: "Create a 30-second product launch video with logo animation, feature callouts, and a CTA at the end." Claude writes the React components, Remotion renders to MP4.
What it's good for: marketing videos, product demos, data visualizations, explainers, branded content, onboarding videos. Anything that's motion graphics rather than live footage.
The most complete video production setup for Claude Code. Not just a skill — it's a full project template with skills, slash commands, reusable components, transitions, a theme system, brand profiles, and a multi-session project lifecycle.
| Author | digitalsamba |
| Source | digitalsamba/claude-code-video-toolkit |
What's in the box:
/video (start a new video project), /record-demo (screen recording), /brand (create brand profile), /contributeThemeProvider + useTheme for consistent stylingbrands/my-brand/The project system auto-generates a CLAUDE.md per video project so Claude can pick up where you left off across sessions.
The library behind 3Blue1Brown. Python-based, renders LaTeX, graphs, 3D objects, geometric proofs to video. Claude writes the scene code, Manim renders it.
Claude Code plugin that handles the full Manim workflow: plan scenes, write code, render video, iterate based on your feedback. Uses Claude's plan mode for scene structure, then writes and renders until all scenes compile.
| Author | Yusuke710 |
| Install | /plugin marketplace add Yusuke710/manim-skill then /plugin install manim-skill/manim-skill |
| Source | Yusuke710/manim-skill |
Also installs manimce-best-practices from adithya-s-k for correct ManimCE patterns.
Goes further than a basic Manim skill — three separate AI p