Notion Workspace

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Notion command-line skill that performs the Notion search and editing actions it advertises, with no hidden persistence or unrelated data flow found.

Install only if you want an agent to read and modify Notion content through your integration token. Share the Notion integration only with the specific pages or databases needed, keep NOTION_API_KEY out of chats and logs, and require human review before running create, update, append, or archive commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill advertises and documents use of environment secrets and network access, but does not declare permissions or clearly scope those capabilities. In an agent setting, hidden access to env vars and outbound API calls reduces transparency and can enable unintended secret use or data exfiltration if the skill is invoked unexpectedly.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill exposes page archival as a simple command without warning that it changes user data and may remove content from normal views. Even though Notion archival is soft-delete rather than permanent destruction, presenting it without impact confirmation increases the risk of accidental data loss or operational disruption.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The description emphasizes searching the entire workspace without any privacy or data-scope warning. In practice, this can surface sensitive notes, databases, and metadata accessible to the integration, so users may underestimate the breadth of data exposure and retrieval.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The setup instructs users to provide a Notion integration token but does not warn that the token grants API access to all pages and databases shared with that integration. This is sensitive credential handling guidance; without scope and security warnings, users may over-share content or mishandle a powerful secret.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The page-archive command performs a destructive state change immediately against the live Notion workspace with no confirmation prompt, dry-run mode, or safety interlock. In an agent skill context, this increases the chance of accidental or prompt-induced data loss because a mistaken page ID or misinterpreted instruction can silently archive content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal