Voice2notion

Security checks across malware telemetry and agentic risk

Overview

This skill coherently transcribes user-provided audio and saves results to a chosen Notion database, but users should be careful with Notion credentials and public audio links.

Install only if you are comfortable giving a Notion integration access to the target database. Use a dedicated Notion integration scoped to that database, keep the API key private, and avoid public audio links unless the recording is safe to share publicly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly recommends making audio recordings publicly accessible via external URLs or public cloud-share links, but it does not warn that recordings and their transcripts may contain sensitive personal, business, or regulated data. In this context, voice notes are likely to contain private conversations, so encouraging public exposure materially increases the risk of unintended data disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal