I haven't seen a full list of available variables confirmed to work in a remediation script. However all of the variables that are available in a standard NCM script should be available there (See page 115 in the admin guide for the command script section). If you need complexity you will want to look at the config change templates.
Anything you can run from a normal CLI console / SSH session to a switch or router or firewall can be run in a remediation script.
Figure out exactly what you'd do manually to achieve the remediation, then save those commands and past them into the remediation script window and have NCM perform the remediation automatically on any device that doesn't pass your Compliance rules.
Just remember that NCM is not intelligent; it will do exactly as you say, to every device that fails a Compliance check. You've got the ability to save yourself a LOT of manual work this way, but at the same time you've got to recognize NCM could also cause you a lot of work, if you inadvertently have it do something inappropriate to any of your devices. Check, double-check, triple-check before enabling automatic remediation scripts, and then ensure you have recent / solid backups of every device's configurations so you can restore or compare current configs to past configs in the event that a remediation script causes unintended / unexpected problems.