reMarkable MCP

Security checks across malware telemetry and agentic risk

Overview

This is a coherent reMarkable document-reading skill, but users should treat cloud and OCR options as privacy-sensitive.

Prefer USB mode for sensitive documents. Enable cloud mode or Google Vision OCR only if you are comfortable with those services processing relevant document data, keep tokens and API keys out of shared configs, and remove the MCP entry when you no longer want agent access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs users to configure cloud access with a reMarkable token and optional Google Vision OCR API key, but it does not warn that document contents may be transmitted to third-party services or that these credentials grant access to sensitive resources. Because this skill is specifically used to read notebooks, PDFs, EPUBs, and handwritten notes, the omitted privacy and credential-handling guidance increases the risk of unintended data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal