reMarkable Tablet Sync

Security checks across malware telemetry and agentic risk

Overview

This skill transparently helps sync reMarkable tablet files, but users should be careful with the external tools it installs and the private notes it can access.

Install only if you trust rmapi and the listed Python packages. Prefer a pinned rmapi release with a verified checksum if possible, authenticate only on a trusted machine, and treat ~/.rmapi as a sensitive access token. Use a dedicated sync folder, tag, or starred items, review bulk upload/download targets, and do not let private notes or journals be processed or stored in memory unless you explicitly intend that.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

External Transmission

Medium

Category: Data Exfiltration
Content: ```bash # Example for Linux amd64 curl -L https://github.com/ddvk/rmapi/releases/latest/download/rmapi-linux-amd64 -o ~/bin/rmapi chmod +x ~/bin/rmapi ```
Confidence: 86% confidence
Finding: curl -L https://github.com/ddvk/rmapi/releases/latest/download/rmapi-linux-amd64 -o ~/bin/rmapi chmod +x ~/bin/rmapi ``` ### 2. Install conversion tools ```bash pip install --user rmc cairosvg pillo

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ```bash # Example for Linux amd64 curl -L https://github.com/ddvk/rmapi/releases/latest/download/rmapi-linux-amd64 -o ~/bin/rmapi chmod +x ~/bin/rmapi ```
Confidence: 90% confidence
Finding: rmapi/releases/latest/download/rmapi-linux-amd64 -o ~/bin/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal