
Security audit

Shopee to Notion Sync

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform a real Shopee-to-Notion sync, but its instructions can turn ordinary product-search requests into Notion database writes without a separate confirmation step.

Install only if you want this agent to write Shopee product results into a specific Notion database. Use a least-privilege Notion token shared only with the intended database, verify the hard-coded .env path before use, keep limits small, and avoid invoking it for read-only Shopee searches unless the skill is changed to add confirmation or a read-only mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The code loads secrets from a hard-coded absolute path outside the project, which creates hidden coupling to an external workspace and may cause the skill to read unintended credentials if reused in another environment. This increases the risk of secret confusion, unauthorized credential use, and accidental cross-project data access.

Vague Triggers

Medium
Confidence: 94%
Finding
The activation scope is broad enough to trigger on generic requests about searching products, saving to Notion, or syncing data, which can cause the skill to run in situations the user did not specifically intend. Because the skill mandates use of a local executable command, accidental invocation can lead to unintended data writes or external API activity in Notion/Shopee contexts.

Natural-Language Policy Violations

Medium
Confidence: 86%
Finding
The skill forces a fixed response format in Portuguese without checking user preference, which can override user intent and reduce transparency about what actions were taken. While not a direct code-execution risk, this can mislead users, hinder auditing, and make it harder to notice incorrect or unauthorized updates.

VirusTotal

63/63 vendors flagged this skill as clean.
