ClawHub

Notion Skill Publish

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Notion integration that can read and modify shared Notion content, including archiving blocks, and its behavior matches that purpose.

Install this only if you want an agent to operate on Notion content. Use a dedicated least-privilege Notion integration, share only the pages or databases needed, and explicitly review any delete-block or bulk update plan before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill provides operational guidance for destructive Notion workflows, including delete-based replacement, without an explicit warning that block deletion can permanently remove or alter user content. In an agent-executed environment, this increases the chance of accidental data loss because an agent may follow the documented workflow mechanically without surfacing the destructive consequence to the user.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation exposes a direct `delete-block` command with no adjacent warning about irreversibility, scope, or need for confirmation. Because this skill is intended for agent use and emphasizes execution procedures, an LLM agent could invoke deletion as a routine step and cause unintended content destruction in shared Notion workspaces.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The delete-block command performs a destructive archive operation immediately with no confirmation prompt, dry-run mode, or explicit safety flag. In an agent-driven or scripted environment, this increases the chance of accidental data loss from prompt mistakes, argument mix-ups, or misuse of the tool.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal