Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"notion-to-md": "convert.js" }, "dependencies": { "@notionhq/client": "^2.2.0", "dotenv": "^16.0.0", "notion-to-md": "^3.1.9" },- Confidence
- 93% confidence
- Finding
- "@notionhq/client": "^2.2.0"
Notion to Markdown
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Notion-to-Markdown exporter that discloses its Notion token use and writes converted content locally.
Use a dedicated Notion integration with Reader access, share only the pages or databases you intend to export, keep NOTION_API_KEY out of version control, and prefer npm ci or pinned dependency updates if you need reproducible installs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
}, "dependencies": { "@notionhq/client": "^2.2.0", "dotenv": "^16.0.0", "notion-to-md": "^3.1.9" }, "devDependencies": {},- Confidence
- 93% confidence
- Finding
- "dotenv": "^16.0.0"
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"dependencies": { "@notionhq/client": "^2.2.0", "dotenv": "^16.0.0", "notion-to-md": "^3.1.9" }, "devDependencies": {}, "scripts": {- Confidence
- 94% confidence
- Finding
- "notion-to-md": "^3.1.9"
VirusTotal
66/66 vendors flagged this skill as clean.