Back to skill

Security audit

Sync Data Notion

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Notion sync skill with real write capability, but its behavior is purpose-aligned and includes dry-run, validation, reporting, and confirmation guidance.

Install only if you intend to let the agent read and modify a Notion database. Use a limited-scope Notion integration token, test with --dry-run or a sandbox database first, review field mappings and external REST targets, and avoid --auto-approve for production data unless the source and destination are already trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Low
Confidence
97% confidence
Finding
The file defines a full test runner in one `_main()` and then later redefines `_main()` to call `_run_unit_tests()`, which is not defined in this file. Because Python uses the last definition, executing the script will fail or behave unexpectedly, undermining test execution and potentially allowing broken or unsafe skill changes to pass through without the intended validation.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README documents a write mode for syncing data into Notion but gives no warning that it may create, update, or overwrite remote data. In a data-sync skill, unclear write semantics increase the risk of accidental destructive operations, especially if users assume the command is non-destructive or reversible.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
Documenting a write mode that modifies external systems without any warning increases the chance of unintended destructive or privacy-impacting actions. In this skill's context, syncing to a Notion database can overwrite, duplicate, or leak user data if users invoke write mode without understanding the consequences.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Do not skip records silently — every skip must be reported with a reason in the summary
- Do not perform full sync without a dry-run option — always offer `--dry-run` to preview changes
- Do not overwrite existing records unless the field values have actually changed (compare all fields)
- Do not sync to a production Notion database without confirming with the user first (unless `--auto-approve` is set)
- Do not assume all Notion property types are writable — `formula`, `relation`, `rollup`, `file`, `verified` are read-only in Notion API

### Do
Confidence
80% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Do not skip records silently — every skip must be reported with a reason in the summary
- Do not perform full sync without a dry-run option — always offer `--dry-run` to preview changes
- Do not overwrite existing records unless the field values have actually changed (compare all fields)
- Do not sync to a production Notion database without confirming with the user first (unless `--auto-approve` is set)
- Do not assume all Notion property types are writable — `formula`, `relation`, `rollup`, `file`, `verified` are read-only in Notion API

### Do
Confidence
80% confidence
Finding
--auto-approve

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.