ClawHub

Notion

Security checks across malware telemetry and agentic risk

Overview

This Notion skill appears purpose-aligned, but it needs review because it can modify or delete Notion content and upload local files with limited safety and credential guidance.

Install only if you want an agent to manage Notion through this CLI. Use a least-privilege Notion integration, share only the pages and databases needed, verify where the API key is stored, and require explicit approval before delete, move, schema update, block delete, or local file upload operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents destructive and state-changing commands such as delete, move, db-update, block-delete, and upload without any safety guidance, confirmation requirements, or warning about irreversible effects on workspace content and schema. In an agent context, this increases the chance that an LLM or user invokes high-impact operations on the wrong page, database, or workspace, causing unintended data loss or corruption.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The setup flow tells users to initialize with an API key and notes that the tool auto-discovers all shared databases, but it does not warn that the key grants access to all resources shared with the integration or explain how/where credentials are stored. In an agent environment, that omission can lead to overbroad exposure of workspace metadata and content, as well as insecure secret handling practices.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal