Second Brain

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Notion capture helper whose main risk is accidental or misfiled notes from broad activation phrases.

Install this only if you want short messages to be filed into Notion with minimal back-and-forth. Review each confirmation, and limit the Notion integration’s access to the Second Brain page/databases if your Notion permissions allow it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The activation keywords include very broad everyday terms such as "note," "remember," "todo," and "book," which can match many ordinary user messages unrelated to an intentional Notion filing action. In a skill that performs writes to Notion without clarifying questions, accidental activation can cause unintended persistence of user content, misfiled tasks, or privacy-sensitive notes being stored without explicit consent.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The regex activation patterns are ambiguous and can overlap with normal conversation, for example phrases like "remember to" or "finished reading" may appear in ordinary chat without the user intending to invoke this automation. Because the skill is designed to act autonomously and "without clarifying questions," false triggers are more dangerous here than in a read-only skill, leading to unintended writes and duplicate or incorrect records in the user's Notion workspace.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal