remi

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for managing Apple Reminders, with deletion and iCloud-sync behavior that fits its stated purpose but deserves care.

Install this only if you trust the third-party remi CLI source. Granting Reminders access allows reading and changing reminders, and deletions may sync through iCloud to other Apple devices. For destructive actions, confirm the exact target first and prefer ID-based targeting when available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly documents that destructive delete operations do not require `--confirm` when invoked with `--json`, which is the mode the skill also recommends for programmatic use. In an agent setting, this removes an important safety barrier and increases the chance that a mistaken prompt, ambiguous target, or unsafe automation flow will permanently delete reminders, lists, or sections without an explicit user approval step.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal