Notion

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Notion integration, but it gives an agent broad authenticated ability to modify, archive, restore, or proxy requests against workspace content without clear confirmation safeguards.

Install only if you trust Membrane and intend to grant access to the selected Notion workspace. Before any create, update, archive, restore, delete, or raw API request, require the agent to show the exact target, action, and payload and confirm it manually. Revoke the Membrane/Notion connection when you are done.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly lists destructive operations like delete, archive, and restore without any guidance to require confirmation or warn about data modification impact. In an agentic context, this increases the chance that an LLM could perform irreversible or hard-to-notice state-changing actions on user data from ambiguous prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal