ClawHub

WeChat to Notion

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches a WeChat article and saves it into the user's Notion database, but it will make real Notion changes using a Notion API key.

Install only if you want an agent to save WeChat articles into Notion. Use a dedicated Notion integration shared only with the target database or parent page, keep NOTION_API_KEY out of chat and shell history where possible, confirm the destination database before running, and remember that article text plus generated tags, ratings, and comments will be persisted in Notion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly promotes an automated pipeline that fetches third-party content, generates AI-derived metadata/comments, and writes both into a user's Notion database, but it does not clearly warn that this will modify external data stores. In an agent-skill context, missing disclosure is security-relevant because users may trigger the skill expecting analysis only, while the skill performs persistent side effects in a connected SaaS workspace.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README tells users to configure a Notion API key and connect an integration, but does not clearly state that the key grants write access to a Notion workspace/database and that article content plus generated metadata will be transmitted to Notion APIs. This omission increases the chance of over-privileged credential use or accidental disclosure/modification of workspace data, especially when an autonomous agent is executing the workflow.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly advertises automatic writes to a Notion database, including posting comments, but does not warn users that running the workflow will modify remote data. In an agent-skill context, this is more dangerous than ordinary documentation because an autonomous agent may execute the workflow with limited user confirmation, increasing the chance of unintended persistence, database pollution, or disclosure of article content into Notion.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README instructs users to export a Notion API key into an environment variable but gives no guidance on secure handling, storage, scope, or rotation of that credential. In an agent environment, this creates elevated risk because environment variables may be exposed through logs, subprocesses, shell history, shared sessions, or other tools the agent invokes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal