ClawHub

Cli Notion

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Notion command-line skill that uses a user-supplied Notion API key for explicit read and create commands, with no hidden persistence or unrelated behavior found.

Install only if you are comfortable giving this skill access to the Notion pages and databases shared with the integration. Use a dedicated least-privilege Notion integration, share only the needed database, keep NOTION_API_KEY out of logs and repositories, and supervise create-page use in important workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to export a Notion API key and run commands that create and query remote Notion content, but it does not warn that these actions modify live workspace data or that the secret must be protected from shell history, logs, screenshots, and agent/tool output. In an AI-agent context, the JSON mode and direct command examples increase the chance that automation will use broad credentials unsafely or perform unintended writes to production data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to export a Notion API key but provides no warning that this credential is sensitive, grants access to user workspace data, and should be stored and handled securely. In agent or shared-shell environments, this omission increases the risk of accidental credential exposure through shell history, logs, screenshots, or reuse in insecure contexts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description says the agent can directly operate Notion, but it does not warn that commands may create, modify, or otherwise affect user data. This can mislead users into treating the tool as read-only or low-risk, increasing the chance of unintended writes, data corruption, or privacy-impacting actions in a live workspace.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal