Back to skill

Security audit

Notion Manager

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Notion helper skill that can read and change Notion content only through the user-provided Notion integration token.

Before installing, verify the npm package, use a dedicated least-privilege Notion integration, share only the specific pages or databases needed, protect the token file with restrictive permissions or a secret manager, and review any create or update action because it can modify live Notion workspace data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This README explicitly documents state-changing operations in Notion such as creating pages and updating properties, but it does not clearly warn that these actions modify live user data and may be irreversible or affect shared workspaces. In an agent-skill context, examples are often turned into executable actions, so missing safety guidance increases the risk of unintended writes, bulk edits, or user-surprising changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill prominently documents create and update operations against Notion pages and databases but does not warn that these commands can modify or overwrite user data. In an agent-skill context, omission of write-safety guidance increases the chance of unintended destructive actions, especially when users may assume examples are safe to run verbatim.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions handle a sensitive Notion API token and show exporting it into the shell environment without any credential-safety guidance. This can lead to token exposure through shell history, process inspection, logs, screenshots, or accidental sharing, which would grant access to the connected Notion workspace within the token's scope.

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup

- Install notion-cli: `npm install -g @iansinnott/notion-cli`
- Create an integration at https://notion.so/my-integrations
- Copy the API key (starts with *ntn_* or *secret_*)
- Store it:
  - `mkdir -p ~/.config/notion`
Confidence
88% confidence
Finding
Create an integration at https://notion.so/my-integrations - Copy the API key (starts with *ntn_* or *secret_*) - Store it: - `mkdir -p ~/.config/notion` - `echo "ntn_your_key_here" > ~/.config/no

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.