Notion Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Notion calendar helper that discloses its Notion API use and local memory, with privacy caveats users should configure carefully.

Install only if you are comfortable giving an agent access to the Notion databases you share with the integration. Use read-only or write-with-confirmation mode unless you intentionally want automated updates, keep the integration scoped to specific databases, and avoid saving sensitive routine details as inferred behavior patterns in local memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The template explicitly directs the skill to store 'repeated user patterns inferred from behavior,' which creates a privacy risk because it encourages retention of behavioral profiling data without any notice, consent boundary, minimization rule, or retention limit. In the context of a calendar/planning integration, inferred habits and scheduling patterns can reveal sensitive work routines, personal commitments, and organizational behavior, making the issue more significant than generic note-taking.

Vague Triggers

Medium
Confidence: 91%
Finding
The activation criteria are intentionally broad, causing the skill to engage on loosely related requests such as any 'Notion calendar' or 'dated task database' query. This can lead to the agent invoking calendar/database capabilities in contexts where the user did not explicitly intend tool use or access to scoped workspace data, increasing the risk of over-collection, unintended reads, or premature write-oriented setup prompts.

VirusTotal

65/65 vendors flagged this skill as clean.
