Notion

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Notion integration that uses Membrane for OAuth-backed Notion access, with expected read/write workspace powers but no hidden or unrelated behavior found.

Install only if you trust Membrane with the Notion workspace you connect. Use the least-privileged Notion connection available, confirm exact page, database, and block targets before write, archive, restore, delete, or proxy requests, and be especially careful with shared workspaces or bulk changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill explicitly documents destructive operations such as deleting blocks and archiving pages but does not pair them with guidance to confirm intent, warn about irreversible or hard-to-reverse effects, or distinguish read-only from write/delete actions. In an agent setting, this increases the chance of unintended data modification or deletion when a user request is ambiguous or the model selects a high-impact action without adequate confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal