Back to skill

Security audit

Remarkable

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill matches its stated purpose of fetching and processing reMarkable tablet content, but users should tightly limit which notes an agent can access.

Install only if you want an agent to access selected reMarkable Cloud content. Prefer a dedicated sharing folder or explicit share tag, preview matches before downloading, review extracted handwriting before saving it to memory or project files, and protect or remove ~/.rmapi if you no longer want automatic cloud access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description encourages fetching and processing tablet content into memory, journals, or project files but does not clearly warn that private handwritten notes may be persisted locally. This can lead to unintended storage of sensitive personal or business information and increase the blast radius if local files are later indexed, shared, or reused by other workflows.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup section states that authentication saves a device token in ~/.rmapi but does not frame this as a security-sensitive persistent credential requiring protection. A locally stored cloud token can allow continued access to the user's synced documents if exposed through filesystem compromise, backups, or overly broad agent access.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Setup

- **Tool:** rmapi (ddvk fork) v0.0.32
- **Binary:** `~/bin/rmapi`
- **Config:** `~/.rmapi` (device token after auth)
- **Sync folder:** `~/clawd/remarkable-sync/`
Confidence
82% confidence
Finding
Tool:*

Tool Parameter Abuse

High
Category
Tool Misuse
Content
rmapi cd "folder name"

# Find by tag / starred / regex
rmapi find --tag="share-with-gandalf" /
rmapi find --starred /
rmapi find / ".*sketch.*"
Confidence
95% confidence
Finding
rmapi find --tag="share-with-gandalf" /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Find by tag / starred / regex
rmapi find --tag="share-with-gandalf" /
rmapi find --starred /
rmapi find / ".*sketch.*"

# Download (PDF)
Confidence
96% confidence
Finding
rmapi find --starred /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Find by tag / starred / regex
rmapi find --tag="share-with-gandalf" /
rmapi find --starred /
rmapi find / ".*sketch.*"

# Download (PDF)
rmapi get "filename"
Confidence
97% confidence
Finding
rmapi find / "

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.