Back to skill

Security audit

Notion API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Notion automation skill that reads and changes only the Notion content reachable by the user’s Notion integration token.

Install only if you want an agent to manage Notion pages or databases shared with its integration. Use a least-privilege Notion integration token, run triage without --apply first, keep --limit small for bulk moves, and review any rules file before applying moves.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

High
Confidence
78% confidence
Finding
The triage --apply path can bulk-move many pages based on rules loaded from a JSON file, with no validation, preview gating beyond a separate non-apply mode, or per-action confirmation. In an agent context, a malicious or mistaken rules file could silently reorganize or hide large amounts of user data, causing integrity and availability issues that are harder to reverse at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/notionctl.mjs:172