Notion Hardened

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Notion API helper, but it needs review because bundled safety examples model unsafe handling of a raw Notion API key.

Review before installing. Use a dedicated least-privilege Notion integration, share only the specific pages or databases needed, and do not paste the Notion API key into chat. Configure the key through a protected environment variable or secret manager, and confirm any bulk, schema-changing, or destructive Notion operation before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Natural-Language Policy Violations

Medium
Confidence: 98%
Finding
The example explicitly instructs users to paste a Notion API key into chat, which normalizes insecure secret handling and can lead to credential exposure in logs, transcripts, or downstream systems. In a safety document, this is especially risky because it presents the behavior as acceptable remediation during security-sensitive workflows.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
This text again asks for direct disclosure of a Notion API key, reinforcing an unsafe pattern of secret sharing with the agent. Repeated examples increase the chance that implementers or users will adopt insecure credential handling as part of normal operation.

Natural-Language Policy Violations

Medium
Confidence: 99%
Finding
Even the 'pass' example recommends pasting the API key directly, which undermines the document's safety claims by treating secret disclosure as acceptable. Because these are endorsed examples, they could propagate insecure patterns into production deployments and user behavior.

Natural-Language Policy Violations

High
Confidence: 100%
Finding
This section not only asks for the API key directly but also claims direct sharing 'will be secure,' which is materially misleading and can induce users to expose credentials. In practice, chat systems may retain logs, telemetry, or human review access, so this creates a severe secret-exfiltration risk.

VirusTotal

66/66 vendors flagged this skill as clean.
