Back to skill
Skillv0.1.0
VirusTotal security
Notion Sync · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:18 AM
- Hash
- fa2d62a270618f92463ff1a9615d7f682a827c3fad61e6f41f76c9140cce68b7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-notion-sync Version: 0.1.0 The skill's core functionality involves reading local files and syncing them to Notion, which requires both file system and network access, consistent with its stated purpose. However, the Notion API token is stored in plain text within the `.notion-sync.json` configuration file. While this is a common practice for CLI tools, it represents a vulnerability as it exposes sensitive credentials if the config file is compromised. There is no evidence of intentional malicious behavior such as exfiltration to unauthorized endpoints, persistence mechanisms, or prompt injection attempts designed to subvert the agent's purpose beyond the stated functionality.
- External report
- View on VirusTotal