reMarkable Tablet Sync

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for reMarkable tablet syncing, but it uses a stored reMarkable login token, third-party command-line tools, bulk sync commands, and optional memory storage for private notes.

Before installing, make sure you trust rmapi and the Python conversion tools, authenticate only on a trusted machine, and consider using a dedicated reMarkable sync folder. Review bulk upload/download targets carefully, and do not append private journal content to memory unless you are comfortable with it being retained and reused.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing these tools gives local code from external projects the ability to run on the user's machine.

Why it was flagged

The skill asks the user to install an external executable from a latest-release URL and unpinned Python packages. This is purpose-aligned for rmapi-based sync, but users should trust and verify those upstream tools.

Skill content

curl -L https://github.com/ddvk/rmapi/releases/latest/download/rmapi-linux-amd64 -o ~/bin/rmapi
chmod +x ~/bin/rmapi
...
pip install --user rmc cairosvg pillow

Recommendation

Install rmapi and the Python packages only from trusted sources, consider pinning versions, and verify release checksums or signatures if available.

What this means

Anyone or any agent process able to use that local rmapi profile may be able to list, download, or upload reMarkable documents.

Why it was flagged

The skill relies on a persistent reMarkable Cloud token stored locally. This is expected for rmapi, but it means future commands can access the user's reMarkable account without re-authentication.

Skill content

Token saved to `~/.rmapi` — future runs are automatic

Recommendation

Authenticate only on trusted machines, protect ~/.rmapi, and remove or revoke the token if you no longer want automatic access.

What this means

A mistaken folder or bulk command could download private notebooks or upload many local files to the tablet cloud.

Why it was flagged

The documented rmapi operations include bulk download, bulk upload, and remote folder creation. These fit the sync purpose, but they can affect many documents if used with broad folders.

Skill content

rmapi mget -o ./sync-folder/ "/My Folder"
...
rmapi mput ./local-folder/ "Remote Folder/"
...
rmapi mkdir "New Folder"

Recommendation

Use a dedicated reMarkable sync folder or tag, review paths before bulk operations, and prefer single-file commands when testing.

What this means

Private handwritten thoughts may become part of persistent agent memory or project notes and could be reused in later tasks.

Why it was flagged

The skill suggests storing interpreted handwritten journal content in memory or a journal. This is purpose-aligned, but the artifacts do not describe retention, deletion, or reuse boundaries.

Skill content

Journal entries — Fetch handwritten thoughts → interpret → append to memory/journal

Recommendation

Only store journal or notebook content in memory when you explicitly want long-term retention, and remove sensitive entries when no longer needed.