Notion API 2026 01 15

Security checks across malware telemetry and agentic risk

Overview

This is a Notion API instruction helper with disclosed credentials and content-changing examples, but no hidden execution or unrelated data sharing.

Install this only if you want your agent to help operate Notion through an integration token. Share the Notion integration only with pages or databases it needs, protect ~/.config/notion/api_key, and require explicit user confirmation before moving, locking, updating, or erasing page content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documents a content-destructive operation that can erase an existing page's contents, but the warning is easy to miss and does not require any confirmation, backup, or safe-usage guidance. In an agent skill context, this increases the chance of accidental destructive actions against user data, especially if an agent follows examples mechanically.

Session Persistence

Medium

Category: Rogue Agent
Content: ## Setup 1. Create an integration at https://notion.so/my-integrations 2. Copy the API key (starts with `ntn_` or `secret_`) 3. Store it: ```bash
Confidence: 89% confidence
Finding: Create an integration at https://notion.so/my-integrations 2. Copy the API key (starts with `ntn_` or `secret_`) 3. Store it: ```bash mkdir -p ~/.config/notion echo "ntn_your_key_here" > ~/.config/not

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal