Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Remarkable
v1.0.0
Fetch handwritten notes, sketches, and drawings from a reMarkable tablet via Cloud API (rmapi). Process content by refining artwork with AI image generation, extracting handwritten text to memory/journal, or using sketches as input for other workflows. Use when working with reMarkable tablet content, syncing handwritten notes, processing sketches, or integrating tablet drawings into projects.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (using rmapi to fetch reMarkable content and then OCR/enhance it) is coherent. However, the SKILL.md relies on several specific tools and paths (~/bin/rmapi, ~/.rmapi, ~/clawd/remarkable-sync/, ~/clawd/scripts/remarkable-fetch.sh, ImageMagick 'convert', and an external 'nano-banana-pro' image enhancer) even though the skill metadata declares no required binaries, env vars, or config paths. That mismatch is unexpected and reduces confidence that the metadata accurately represents what the skill will need.
Instruction Scope
The instructions directly tell the agent to run rmapi commands, use local scripts, read a device token at ~/.rmapi, convert PDFs to images, and append extracted text to memory/journal files. These are reasonable for the stated task, but they grant the agent filesystem read/write access to user home paths and the agent may invoke unspecified external AI tools for image processing. The SKILL.md also suggests using a 'vision model' rather than traditional OCR and an external editor 'nano-banana-pro' without clarifying whether processing occurs locally or is sent to a third party — creating a risk of sensitive content being uploaded.
Install Mechanism
This is an instruction-only skill (no install spec), which is low-risk in terms of adding new code. However, the skill expects external tooling (rmapi v0.0.32, ImageMagick convert, and 'nano-banana-pro') to be installed and scripts to exist at specific user paths. The absence of an install spec or explicit verification steps means an agent could fail or rely on user-supplied scripts whose behavior is unknown.
Credentials
Metadata declares no environment variables or credentials, but the runtime instructions depend on a device token saved at ~/.rmapi and reference specific user folders and scripts. The skill also names an external image-enhancement service ('nano-banana-pro') and a 'vision model' with no description of where models run or what credentials/endpoints are used. This lack of declared credentials and the presence of unclear external services is disproportionate to the simple fetch-and-OCR description and raises potential for inadvertent data exfiltration.
Persistence & Privilege
The skill does not request 'always: true' and uses default model invocation settings. It does instruct writing to user-space locations (e.g., ~/clawd/remarkable-sync/, memory/journal files) and storing rmapi's token in ~/.rmapi (which is how rmapi works). It does not request system-wide changes or other skills' config, so privilege escalation concerns are limited.
What to consider before installing
Before installing or enabling this skill:
1) Confirm rmapi and ImageMagick are truly installed where the SKILL.md expects (~/bin/rmapi, 'convert' on PATH) or update the instructions to match your environment.
2) Inspect any referenced scripts (~/clawd/scripts/remarkable-fetch.sh) to see what they do — they will run with your user privileges.
3) Clarify where 'nano-banana-pro' and the 'vision model' run: are images uploaded to a third-party service? If so, avoid sending sensitive handwritten notes.
4) Be aware the skill will read ~/.rmapi (the saved device token) and read/write files under ~/clawd and your memory/journal files; ensure you are comfortable with that access.
5) Prefer a version of the skill that declares required binaries/configs in metadata or provides an explicit install/verification step.
If you cannot verify the external AI tooling and scripts, treat this skill as high-risk for leaking private content.
Like a lobster shell, security has layers — review code before you run it.
Tags: handwriting, journal, latest, remarkable, sketch, tablet
