Back to skill

Security audit

reMarkable Cloud

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: send files and web articles to a reMarkable tablet, with some real but disclosed setup and account-access risks.

Install only if you are comfortable connecting a third-party rmapi tool to your reMarkable Cloud account. Prefer a reviewed or pinned rmapi release, protect or clear ~/.rmapi when needed, and confirm the exact URL, local file, and destination folder before sending anything to the cloud.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs use of shell commands, network access, and file-writing behavior, but no explicit permissions are declared. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke a skill with broader capabilities than expected, increasing the chance of unintended file modification, external transmission, or command execution.

Intent-Code Divergence

Low
Confidence
87% confidence
Finding
The sanitization logic is misleading and incomplete: style is listed as allowed, then removed later, and many dangerous active-content tags and attributes remain untouched, including event-handler attributes, javascript: URLs, object/embed, form, input, video, and link. Because the resulting HTML/XHTML is saved for later rendering by EPUB/PDF consumers, malformed or active markup could trigger script-like behavior, privacy leaks, or reader-specific exploitation in downstream renderers.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation text uses broad natural-language triggers such as when a user 'mentions reMarkable' or wants to send an article or document, which can cause overbroad matching and accidental invocation. In this skill, accidental activation is more dangerous because the workflow can upload local files or fetch remote content through external tools.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes sending web articles and documents to the reMarkable cloud, but it does not clearly warn that URLs, fetched article content, and uploaded files are transmitted to external services. This lack of disclosure undermines informed consent and can lead users to unintentionally exfiltrate sensitive documents or browsing targets.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
RMAPI="${RMAPI_BIN:-rmapi}"

# Check rmapi is available
if ! command -v "$RMAPI" &>/dev/null; then
  echo "Error: rmapi not found. Install from https://github.com/ddvk/rmapi" >&2
  exit 1
fi
Confidence
95% confidence
Finding
RMAPI" &>/dev/

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.