ClawHub

Openclaw Notion Api

Security checks across malware telemetry and agentic risk

Overview

This is a Notion API reference skill whose examples can read, create, update, and upload Notion content, but those actions are disclosed and match the skill’s purpose.

Install this only if you want an agent to help operate your Notion workspace. Use a least-privilege Notion integration, share only the pages or databases needed, protect or avoid the plaintext token file, and review any create, update, or upload command before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to persist a Notion API key on disk and then transmit it in an Authorization header to an external service, but it does not explicitly warn that the credential will be read locally and sent off-host. In a documentation skill, this creates a real secret-handling and outbound-transmission risk because users may expose workspace-scoped tokens without understanding the sensitivity or least-privilege implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file upload example uses curl -F with a local path, which causes local file contents to be uploaded to Notion, but the documentation does not clearly warn users about that outbound data transfer. This is a real privacy and data-loss risk because users may accidentally upload sensitive local files, believing they are only referencing a path or performing a local operation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to persist a long-lived Notion API token in a plaintext file under the home directory without any guidance on file permissions, secret managers, or least-privilege handling. This increases the chance of credential disclosure through local compromise, backups, shell history, multi-user systems, or accidental inclusion in logs and repos.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill advertises create, update, and block-management operations against a live Notion workspace but does not clearly warn that these commands will modify remote user data. In an agent context, missing mutation warnings can lead to unintended destructive or unauthorized changes because users may treat examples as informational rather than state-changing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal