Back to skill

Security audit

Notion

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Notion helper whose credential use and write-capable API examples fit its stated purpose, though users should protect the token and review writes.

Install only if you want an agent to work with a Notion integration. Use a dedicated integration, share only the specific pages or databases it needs, protect ~/.config/notion/api_key with restrictive permissions, and review POST or PATCH commands before running them in a real workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill prominently documents multiple state-changing Notion API operations such as creating pages and databases, updating properties, and appending blocks, but does not warn that these actions modify remote user data. In an agent setting, this increases the risk of unintended writes, data corruption, or destructive automation when a user expects read-only assistance or does not understand the side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The setup instructions tell users to store a live Notion API key in a local file and use it directly in shell commands, but do not warn that the credential grants access to shared workspace content and must be protected from disclosure. In practice, users may expose the token through weak file permissions, shell history, logs, screenshots, or accidental sharing, leading to unauthorized access or modification of Notion data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.