Notion DB Weekly Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local report generator with disclosed premium-upgrade link metadata, and it does not charge users or contact external services by itself.

Use this as a local formatter for task records, but treat the returned payment_url as informational. Before opening or sharing that link, verify it points to the expected SkillPay domain, especially if SKILLPAY_PAYMENT_URL_TEMPLATE or SKILLPAY_TOPUP_BASE_URL are set.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill is presented as a local weekly report generator, but it also constructs external payment URLs and returns upgrade/payment metadata unrelated to the core reporting function. This expands the trust boundary, can leak user identifiers into outbound monetization links, and creates deceptive behavior relative to the declared purpose.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: Reading environment variables to construct payment URLs gives the skill a hidden configuration channel that is not justified by its report-generation purpose. If environment values are misconfigured or attacker-controlled, the skill could generate links to untrusted domains or facilitate phishing/tracking using the supplied user_id.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal