ClawHub

memory-to-notion

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it needs review because it can scan prior chats and store selected personal or project details in Notion with broad default scope.

Install only if you intentionally want conversation memories stored in Notion. Use a least-privilege Notion integration, specify the exact chats, dates, or projects to process, ask the agent to preview entries before writing, and avoid exporting secrets, credentials, private personal data, or sensitive project details verbatim.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger text is broad enough to activate on vague requests about reviewing, summarizing, or exporting conversation history, which can cause the skill to run without sufficiently specific user intent for cross-system data export. In this skill’s context, activation leads directly to collection of chat history and writing extracted memories to Notion, so over-broad invocation materially increases the risk of unintended disclosure.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description does not prominently warn that it may access past conversations and export derived memories into an external Notion workspace. Because the workflow includes retrieving recent chats and storing personal facts, preferences, and detailed content, the lack of upfront disclosure undermines informed consent and makes accidental exfiltration more likely.

Ssd 3

High
Confidence
98% confidence
Finding
The skill is designed to collect valuable content from conversations, decompose it into memories, and persist it in an external database, including facts, preferences, context, and other potentially sensitive personal or project data. This broad collection-and-retention behavior creates a clear data security and privacy risk, especially when retention may be long-term and the user is not prompted to minimize or review the data before export.

Ssd 3

High
Confidence
99% confidence
Finding
The instructions explicitly direct the agent to fetch recent conversations, use search over prior chats, and paginate through multiple rounds for comprehensive archival. That materially increases the blast radius from a single invocation by enabling bulk harvesting of historical conversations and transfer of their contents into Notion, far beyond the minimum necessary for a typical user request.

Ssd 3

High
Confidence
98% confidence
Finding
The schema and guidance encourage storing identity/background information and preserving verbatim code snippets, commands, config values, and URLs, all of which may contain secrets, internal endpoints, credentials, or other sensitive information. In the context of external persistence to Notion, this makes the skill especially dangerous because it converts transient chat data into durable, searchable records that may be accessible to others in the workspace.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal