Notion Manager

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Notion helper that openly uses a Notion token to add or manage user-directed content, with no evidence of hidden exfiltration or unrelated behavior.

Install only if you intend to let the agent access and modify the selected Notion workspace/page/database. Use a least-privilege Notion integration, connect only the specific resources needed, and confirm write or undo/delete actions before running them.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill explicitly requires a Notion API key and is designed to make outbound API calls, yet it declares no permissions despite having network capability. This undermines transparency and policy enforcement, making it easier for a write-capable integration to be invoked without users or platforms clearly understanding that external network access occurs.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill supports write-capable operations such as createPage, updatePage, appendBlocks, and createDataSource, but the description does not warn that these actions can modify or expand workspace content. In a SaaS workflow setting, this increases the risk of accidental destructive changes, data sprawl, or unauthorized content manipulation if the skill is invoked with broad integration access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal