Back to skill

Security audit

Notion CLI – Command Line Interface based access to Notion for your agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Notion CLI helper that can read and change shared Notion content, so it is usable but should be installed with normal API-key and write-action caution.

Before installing, review the external repository and npm dependencies, create a dedicated Notion integration, share only the pages or databases needed, avoid verbose debug logging with sensitive content, protect or rotate the API key, and require explicit confirmation before update, archive, delete, append, or comment commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents create, update, archive, restore, append, and delete operations against a live Notion workspace but does not warn users that these commands can permanently modify or remove content. In an agent setting, this increases the chance of unintended destructive actions because users may invoke commands assuming they are read-only or low-risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to set a sensitive Notion API key in environment files and enables optional verbose request/response logging without explaining that logs or shell history may expose credentials and workspace data. In an agent or shared environment, this can lead to accidental disclosure of secrets and sensitive content returned by the API.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.