Security audit

Notion

Security checks across malware telemetry and agentic risk

Overview

This Notion helper is documentation-only and its credential use and Notion write operations match its stated purpose.

Install only if you want an agent to use a Notion integration. Use a dedicated integration, share only the specific pages or databases it needs, protect the API key file with restrictive permissions, and review any POST or PATCH request before running it in a real workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to store a live Notion API key in plaintext under ~/.config/notion/api_key without mentioning restrictive file permissions, secret-management alternatives, or the sensitivity of the token. This increases the risk of credential disclosure through local compromise, backups, shell access by other users, or accidental inclusion in logs and tooling.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill includes multiple write-capable operations such as creating pages, creating data sources, updating page properties, and appending blocks, but does not warn that these commands modify user content. In an agent skill context, omission of mutation warnings can lead to unintended destructive or persistent changes if commands are run with real identifiers and credentials.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.