Back to skill
Skillv0.1.0
VirusTotal security
Notion · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:43 AM
- Hash
- c0b46d7c1187ab4d94b372d0ad5609786461d80d13c2c983a5f31cf613e86d86
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: notioncli Version: 0.1.0 The skill installs `notioncli`, a legitimate tool for interacting with the Notion API. While the `SKILL.md` and `install.sh` do not contain any direct malicious instructions or prompt injection attempts, the `notion upload` command (documented in SKILL.md) grants the AI agent the capability to read arbitrary local files (e.g., `notion upload <page-id> ./screenshot.png`). This local file access, even if intended for legitimate uploads to Notion, represents a high-risk capability and broad permission that could be exploited by a malicious prompt to exfiltrate sensitive local files, classifying it as suspicious rather than benign.
- External report
- View on VirusTotal