notion-clipper-skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly does what it claims, but review it carefully: login-required clipping can leave browser session data in a persistent Chrome profile, and the skill uses a Notion integration token to modify your workspace.

Install only if you are comfortable giving a Notion integration access to the target pages/databases and letting the skill launch Chrome locally. Be especially careful with wait mode: if you log into a site, use a dedicated session and know how to clear the skill’s Chrome profile afterward. Avoid disabling your VPN/proxy unless you intentionally want direct network access.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Env credential access

Critical
Finding
Environment variable access combined with network send.

VirusTotal

All 65 of 65 VirusTotal vendors reported this skill as clean (0 detections).


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you log into a site while clipping, that browser session may remain in the skill's Chrome profile and could be reused for later captures.

Why it was flagged

The skill creates and uses a persistent Chrome user-data directory. Combined with the documented wait mode for login-required pages, website cookies or sessions may remain available to future clipping runs, but retention and cleanup are not clearly explained.

Skill content
const profileDir = resolveNotionClipperChromeProfileDir();
await mkdir(profileDir, { recursive: true });
...
`--user-data-dir=${profileDir}`,
Recommendation

Use a dedicated low-risk browser session/account, avoid logging into sensitive services unless necessary, and add or request clear documentation for where the profile is stored and how to delete it.
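One way to act on this recommendation, as an added example that is not part of the skill or of this report: a POSIX shell script that lists the session-bearing files under a Chromium user-data-dir and wipes the directory once you are done with a login-required clip. The paths are the standard Chromium profile layout (cookies in both the old and the current location, saved logins, web storage, restorable sessions). The clipper's own profile location is not shown on this page (only that resolveNotionClipperChromeProfileDir() computes it), so the directory is passed in explicitly.

```shell
#!/bin/sh
# Added example (not part of the notion-clipper-skill): audit and wipe a
# Chromium user-data-dir after a clipping run that required a login.
# The profile path is an input; the skill's own resolver is not shown here.

# Print every session-bearing path that exists under the profile dir ($1).
# The list is the standard Chromium profile layout: cookies (old and new
# location), saved passwords, web storage, and restorable tab sessions.
list_session_artifacts() {
  profile=$1
  found=0
  while IFS= read -r rel; do
    [ -n "$rel" ] || continue
    if [ -e "$profile/$rel" ]; then
      printf '%s\n' "$profile/$rel"
      found=1
    fi
  done <<'EOF'
Default/Cookies
Default/Network/Cookies
Default/Login Data
Default/Local Storage
Default/Session Storage
Default/Sessions
EOF
  # Exit 0 when at least one artifact was found, 1 when the profile is clean.
  [ "$found" -eq 1 ]
}

# Remove the whole profile dir ($1), refusing targets that are empty, the
# filesystem root, your home directory, or anything that does not look like a
# Chromium profile (no Default/ subdir and no "Local State" file).
wipe_profile() {
  profile=$1
  case "$profile" in
    ""|/|"$HOME"|"$HOME"/) echo "refusing to wipe '$profile'" >&2; return 2 ;;
  esac
  [ -d "$profile" ] || { echo "not a directory: $profile" >&2; return 2; }
  if [ ! -d "$profile/Default" ] && [ ! -f "$profile/Local State" ]; then
    echo "not a Chromium profile dir: $profile" >&2
    return 2
  fi
  rm -rf -- "$profile"
}

# Usage: sh clipper_profile.sh audit "$PROFILE_DIR"
#        sh clipper_profile.sh wipe  "$PROFILE_DIR"
case "${1:-}" in
  audit) list_session_artifacts "$2" ;;
  wipe)  wipe_profile "$2" ;;
esac
```

Run the audit first so you can see which sites left state behind, then wipe. Because the skill recreates the directory with mkdir on the next run (see the excerpt above), wiping after each sensitive session is safe and gives every clip a fresh, logged-out browser.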

What this means

The skill can modify Notion pages/databases that your integration token can access.

Why it was flagged

The skill reads a Notion API key from a local file and sends it as a Bearer token to create pages or append blocks. This is expected for a Notion clipper, but the token's reach is exactly the set of pages and databases the user has shared with the integration.

Skill content
const key = await readFile(keyPath, "utf-8");
...
Authorization: `Bearer ${apiKey}`,
...
await notionRequest<NotionPageResponse>(apiKey, "POST", "/pages", body);
Recommendation

Share only the intended Notion database or page with the integration, keep the token file private, and revoke or rotate the token if you stop using the skill.
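A check for the "keep the token file private" part of this recommendation, as an added example that is not code from the skill: before the key is read from the path the skill uses (shown above only as keyPath; its actual value is not on this page), verify that the file is a regular, non-symlinked file owned by you with no group or other permission bits, and only then load it into the environment without ever echoing it.

```shell
#!/bin/sh
# Added example (not code from the skill): refuse to use a Notion token file
# unless it is a regular file, not a symlink, owned by the current user and
# unreadable by group/others. The real key path used by the skill (keyPath)
# is not shown on the page, so it is passed in as $1.

check_token_file() {
  f=$1
  [ -n "$f" ] || { echo "no token path given" >&2; return 1; }
  # -L before -f: -f follows symlinks and would accept a link to someone else's file.
  [ ! -L "$f" ] || { echo "refusing symlinked token file: $f" >&2; return 1; }
  [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
  [ -O "$f" ] || { echo "token file not owned by current user: $f" >&2; return 1; }
  # Characters 5-10 of `ls -l` are the group and other permission bits;
  # anything but "------" means another account on the host can read or change it.
  bits=$(ls -ld -- "$f" | cut -c5-10)
  if [ "$bits" != "------" ]; then
    echo "token file is group/world accessible (chmod 600 it): $f" >&2
    return 1
  fi
  return 0
}

# Export NOTION_TOKEN from the file only after the checks pass. The value is
# never printed; pass it to the skill or to curl via the environment.
load_notion_token() {
  check_token_file "$1" || return 1
  NOTION_TOKEN=$(tr -d '\r\n' <"$1")
  [ -n "$NOTION_TOKEN" ] || { echo "empty token file: $1" >&2; return 1; }
  export NOTION_TOKEN
}

# Usage: . ./token_check.sh && load_notion_token "$HOME/.config/notion/key"
# (the path is illustrative, not the skill's real keyPath)
```

The ls/cut approach is used instead of stat because stat's flag syntax differs between GNU and BSD userlands; ls -l output is the same on both.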

What this means

Running the skill may download and install npm packages on your machine the first time it runs, and a plain npm install executes package lifecycle scripts by default.

Why it was flagged

The skill auto-installs npm dependencies at first run. That is purpose-aligned for a TypeScript helper, but it means package installation happens during use rather than through a separately reviewed install step.

Skill content
(cd "${SKILL_DIR}/scripts" && (test -d node_modules || npm install) && npx -y tsx main.ts <args>)
Recommendation

Review package.json/package-lock.json, prefer pinned installs such as npm ci where possible, and run only from a trusted skill source.
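A hardened launcher for the command quoted above, as an added example that is not the skill's own wrapper: it refuses to install when there is no package-lock.json, installs with npm ci --ignore-scripts so that the dependencies' preinstall/install/postinstall hooks do not run, and executes the locally installed tsx binary instead of npx -y tsx, which would fetch and run whatever tsx the registry serves if none were installed. SKILL_DIR, scripts/ and main.ts are taken from the page's command; the lockfile integrity test is a coarse heuristic added here.

```shell
#!/bin/sh
# Added example (not the skill's own wrapper): a launcher for
# "${SKILL_DIR}/scripts" that only installs from a lockfile, never runs
# dependency lifecycle scripts, and never lets npx fetch an unpinned tsx.
SKILL_DIR=${SKILL_DIR:-$(pwd)}

# Decide how dependencies in $1 may be installed. Prints the command, or
# fails when the directory has no lockfile (an unpinned `npm install` would
# resolve versions at run time) or when the lockfile has resolved tarball
# URLs but no integrity hashes (coarse heuristic for a hand-edited lockfile).
plan_install() {
  dir=$1
  [ -f "$dir/package.json" ] || { echo "no package.json in $dir" >&2; return 1; }
  if [ ! -f "$dir/package-lock.json" ]; then
    echo "no package-lock.json in $dir: refusing unpinned install" >&2
    return 1
  fi
  if grep -q '"resolved"' "$dir/package-lock.json" \
     && ! grep -q '"integrity"' "$dir/package-lock.json"; then
    echo "lockfile has resolved URLs but no integrity hashes" >&2
    return 1
  fi
  # npm ci fails if package.json and the lockfile disagree, and
  # --ignore-scripts stops preinstall/install/postinstall hooks from running.
  echo "npm ci --ignore-scripts"
}

# Install (once) and run main.ts with the tsx pinned in the lockfile. The
# local binary is used instead of `npx -y tsx`, which would download whatever
# tsx version the registry serves if none were installed.
run_skill() {
  dir=$SKILL_DIR/scripts
  cmd=$(plan_install "$dir") || return 1
  if [ ! -d "$dir/node_modules" ]; then
    (cd "$dir" && $cmd) || return 1
  fi
  [ -x "$dir/node_modules/.bin/tsx" ] || { echo "tsx is not a locked dependency" >&2; return 1; }
  (cd "$dir" && ./node_modules/.bin/tsx main.ts "$@")
}

# Usage: SKILL_DIR=/path/to/skill sh run_skill.sh --run <clipper args>
if [ "${1:-}" = "--run" ]; then
  shift
  run_skill "$@"
fi
```

If one of the skill's dependencies genuinely needs a build step, --ignore-scripts makes the install fail loudly rather than silently running that package's hooks; review the package, then rerun the install for it deliberately. The decision logic is kept in plan_install so it can be exercised without network access.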

What this means

The skill will open and control a local Chrome process for the chosen URL.

Why it was flagged

The skill starts a local Chrome/Chromium process and drives it over the Chrome DevTools Protocol (CDP) to render pages. This is disclosed and central to the feature, but it is still local process execution.

Skill content
return spawn(chrome, args, { stdio: "ignore" });
Recommendation

Ensure the Chrome executable path is trusted, and be cautious when clipping untrusted or sensitive sites.

What this means

Network requests to websites and Notion may go directly instead of through your usual proxy or VPN.

Why it was flagged

The recommended command clears the proxy environment variables, and the troubleshooting guidance suggests closing VPN/proxy software. This may help connectivity, but it bypasses user-configured network routing for both the clipped sites and the Notion API.

Skill content
unset http_proxy https_proxy all_proxy
...
Close any VPN/proxy software
Recommendation

Do not disable proxy or VPN settings unless you intentionally want direct connections and understand the privacy or policy impact.