Notion
Security checks across malware telemetry and agentic risk
Overview
This skill is a Notion API helper, but it gives an agent broad read/write/delete access to a Notion workspace through a third-party OAuth gateway with limited safety guidance.
Install only if you trust Maton with Notion OAuth access and are comfortable letting an agent operate on your workspace. Use a least-privileged/test Notion workspace or connection first, keep MATON_API_KEY private, and require explicit user confirmation before create, update, archive, delete, or connection-management requests.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.