Vibe Notionbot

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for Notion automation, but it also points agents toward a higher-privilege user-session CLI and lacks clear safeguards for destructive Notion changes.

Review before installing. Use only a least-privilege Notion integration token with `vibe-notionbot` unless you explicitly want an agent to act through your logged-in Notion desktop session. Require confirmation before archive/delete actions, content replacement, database schema changes, batch operations, comments, and file uploads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill documents page archival as a normal operation without instructing the agent to obtain explicit user confirmation before performing a destructive action. In an agent setting, this increases the risk of accidental or over-broad deletions when a prompt is ambiguous, mistaken, or maliciously crafted by a third party.

Missing User Warnings

Medium
Confidence: 95%
Finding
Deleting a database property is schema-destructive and can remove or orphan structured data, yet the skill presents the command without a warning or confirmation requirement. In the context of a Notion workspace tool, an agent could irreversibly damage shared business records, workflows, or reporting structures from a single mistaken command.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill includes block deletion commands without warning about data loss or advising confirmation. Because blocks may contain important document content and agents can act on incomplete context, this omission makes accidental content removal materially more likely.

VirusTotal

64/64 vendors flagged this skill as clean.
