Trust Assessment
remarkable received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via User-Controlled Arguments, Sensitive Credential File (`~/.rmapi`) Vulnerable to Exfiltration, Use of Unofficial Tool Fork.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via User-Controlled Arguments. The skill documentation shows examples of invoking `rmapi` and `~/clawd/scripts/remarkable-fetch.sh` with arguments such as folder names, filenames, and tags (e.g., `rmapi cd "folder name"`, `rmapi get "filename"`, `rmapi find --tag="share-with-gandalf" /`, `~/clawd/scripts/remarkable-fetch.sh --tag="share-with-gandalf"`). These arguments are described as being derived from user-created content (e.g., "User creates 'Shared with Gandalf' folder", "User tags documents"). If the LLM or the `remarkable-fetch.sh` script does not properly sanitize these user-controlled inputs before passing them to shell commands, an attacker could inject arbitrary shell commands (e.g., `"; rm -rf /"`). The `remarkable-fetch.sh` script is not provided, making it impossible to verify its sanitization practices. Implement robust input sanitization (e.g., shell escaping using `shlex.quote` in Python or similar mechanisms) for all user-provided strings before they are passed as arguments to `rmapi` or any other shell command. The `remarkable-fetch.sh` script must also be reviewed and updated to safely handle all its arguments. | LLM | SKILL.md:50 |
| HIGH | Sensitive Credential File (`~/.rmapi`) Vulnerable to Exfiltration. The skill stores a sensitive reMarkable device token in `~/.rmapi`. While the skill itself doesn't explicitly show code to read or exfiltrate this file, a successful command injection attack (as identified in SS-LLM-003) could be used to read the contents of this file and exfiltrate the token, granting unauthorized access to the user's reMarkable cloud data. Ensure the `~/.rmapi` file has strict file permissions (e.g., `chmod 600 ~/.rmapi`) to restrict access. The skill should rely on the `rmapi` binary to handle its own configuration and never attempt to directly read or manipulate this file. The `remarkable-fetch.sh` script should also avoid reading this file directly. | LLM | SKILL.md:37 |
| INFO | Use of Unofficial Tool Fork. The skill specifies using `rmapi (ddvk fork) v0.0.32`. While the version is pinned, relying on an unofficial fork introduces potential supply chain risks. The security practices, maintenance, and vetting of the `ddvk fork` may not be as robust as an official project, potentially introducing vulnerabilities or backdoors. Document the specific source and rationale for using the `ddvk fork`. Conduct a thorough security review of the fork's codebase. Consider contributing security fixes upstream or using the official `rmapi` if its functionality meets the skill's requirements. | LLM | SKILL.md:35 |