Notion Database Automation

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Notion database automation skill, but users should handle tokens and bulk operations carefully.

Install only for Notion databases you intend to automate. Store the token in OpenClaw secrets or an environment variable, avoid hardcoding it, share only the needed databases with the integration, and review filters and output paths carefully before bulk updates, archiving, deletion, or full exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and demonstrates capabilities that require network access, file read/write, and environment-variable access, yet no permissions are declared. This creates a transparency and governance gap: users and enforcement systems cannot accurately assess or constrain what the skill may access, increasing the chance of unintended data exposure or overbroad execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The declared purpose emphasizes automation, batch creation, filtering, content generation, and export, but the described behavior also includes updating existing pages, archiving/unarchiving, and retrieving page or block content. This mismatch is risky because users may authorize the skill expecting lower-risk operations while it can perform broader read/write and destructive actions against Notion content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly promotes bulk archive or delete operations but does not warn users about irreversible or difficult-to-reverse data loss. In the context of Notion databases, bulk actions can affect many records at once, so missing warnings and safeguards materially increase the risk of accidental destructive changes.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Advertising export of an entire Notion database without any privacy or data-handling warning is risky because exports may include sensitive business, personal, or credential-adjacent information. The skill context makes this more dangerous since whole-database export amplifies the volume and sensitivity of potential disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The authentication guidance suggests passing API tokens directly in code or via environment variables without warning users not to hardcode, log, or expose secrets. This is dangerous because credential mishandling can lead to unauthorized access to all databases shared with the integration, especially when examples encourage direct token placement.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script exports all queried database rows and properties directly to a local CSV file, which can persist sensitive business or personal data in plaintext on disk. Because this is a bulk export utility for Notion databases, the skill context makes the issue more significant: users may reasonably run it against databases containing confidential records without any warning, minimization, or output protection.

VirusTotal

67/67 vendors flagged this skill as clean.
