Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
reMarkable Cloud
v1.1.0Send files and web articles to a reMarkable e-ink tablet via the reMarkable Cloud. Upload PDFs, EPUBs, or convert web articles to readable ebooks and send them to the device. Also browse and manage files on the device. Use when the user mentions reMarkable, wants to send an article or document to their e-reader, or manage reMarkable cloud files.
⭐ 0· 2.1k·0 current·0 all-time
by@nickian
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description align with included scripts: article2ebook.py converts web pages to EPUB/PDF and remarkable.sh wraps rmapi to list/upload/manage files. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md stays within scope (fetch article URLs, convert, upload with rmapi). It does instruct fetching remote webpages and images (necessary for conversion) and notes rmapi will cache auth tokens at ~/.rmapi. Be aware the conversion script may call external converters (weasyprint) or a local cupsfilter subprocess as fallbacks — these are related to PDF creation but require runtime system dependencies and will execute locally.
Install Mechanism
There is no automated install spec in the registry; SKILL.md instructs cloning and building rmapi from GitHub and placing the binary at /usr/local/bin (a well-known GitHub repo). This is expected for the functionality but requires go and permission to write to /usr/local/bin (elevated rights). The skill bundle already includes article2ebook.py and the shell wrapper, so only rmapi is fetched per instructions.
Credentials
The skill declares no required env vars or secrets. The wrapper supports RMAPI_BIN for overriding the rmapi binary. rmapi itself will handle authentication and stores tokens in ~/.rmapi — that is expected and proportional for accessing the reMarkable cloud.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent system-wide presence or attempt to modify other skills or configs. The primary side effect is rmapi token caching in the user's home directory, which is expected for cloud access.
Assessment
This skill appears to do exactly what it says: convert web pages into EPUB/PDF and upload them to your reMarkable via rmapi. Before installing, consider: 1) The SKILL.md asks you to clone and build rmapi from GitHub and place the binary in /usr/local/bin — that requires go and permission to write to that path (you’ll need elevated privileges). 2) The conversion script downloads web content and images (required for conversion) and may invoke local PDF tools (weasyprint or cupsfilter); only run it on systems where you trust these tools and the HTML being processed. 3) rmapi will store authentication tokens under ~/.rmapi — if you want to limit exposure, inspect or run rmapi manually and review its auth flow before using the wrapper. 4) Review the rmapi GitHub repo (https://github.com/ddvk/rmapi) and the included article2ebook.py if you have heightened security concerns. If you’re comfortable granting local build/install rights and allowing a tool to access the network for fetching articles and uploading to the reMarkable cloud, the skill is coherent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk971e58as8x0ctkwsvtwrdsagh803my8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.