Skill v0.8.0

ClawScan security

reMarkable MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 1:19 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (accessing a reMarkable tablet) matches its instructions, but the SKILL.md requires binaries and environment variables that are not declared and there is no source or install guidance — this mismatch and missing provenance are concerning.
Guidance
Before installing or using this skill, verify the provenance of the required binaries ('uvx' and 'remarkable-mcp'): ask the publisher for a homepage or source repository, installation instructions, and checksums/signing. Understand that running the tool will access your reMarkable device and — if you enable cloud mode or provide a GOOGLE_VISION_API_KEY — may send content to remote services for OCR. Only provide REMARKABLE_TOKEN or Google API keys if you trust the binary's source. Because the SKILL.md lists runtime requirements but the package metadata does not, treat this as a sign the package was incompletely described; request clear install/source information before proceeding.

Review Dimensions

Purpose & Capability
Concern: The skill claims to access reMarkable content (reading, OCR, rendering), and the instructions show how to run a local 'remarkable-mcp' server in USB/SSH/cloud modes — that is coherent with the stated purpose. However, the skill metadata lists no required binaries or env vars, yet the SKILL.md expects 'uvx' and 'remarkable-mcp' on PATH and optional env vars (REMARKABLE_TOKEN, GOOGLE_VISION_API_KEY). The missing declaration of these runtime requirements is an incoherence.
Instruction Scope
Note: Instructions are scoped to device access (USB web interface, SSH, or cloud) and OCR. They do not ask the agent to read unrelated host files or credentials. Still, they instruct the user/agent to run an external local binary that will access the tablet and potentially upload data for cloud/Google Vision OCR; that behavior is within the skill's stated purpose but should be explicit and provenance-verified.
Install Mechanism
Concern: There is no install spec and no code files, yet the runtime requires binaries ('uvx' and 'remarkable-mcp'). Without an install source, users would have to obtain and run these binaries themselves — lack of download/source/homepage or checksums increases risk because the origin and integrity of the required software are unknown.
Credentials
Concern: The SKILL.md references environment variables appropriate for the tasks (REMARKABLE_TOKEN for cloud, GOOGLE_VISION_API_KEY for OCR), but the skill metadata declares no required env vars. This mismatch is problematic: sensitive keys are needed for full functionality but were not declared in metadata, so automated checks or users may miss that secrets will be used. The vars themselves are proportionate to the feature set, but the omission is concerning.
Persistence & Privilege
OK: The skill is not forced-always and is user-invocable; it will not be force-included in every agent run. Normal autonomous invocation is allowed but not excessive here.