Notion 想法点子库 + 里程碑追踪

Security checks across malware telemetry and agentic risk

Overview

This Notion skill is a disclosed helper for reading and writing Notion records, with user confirmation before its bundled write scripts mutate data.

Install only if you intend to connect this agent to Notion. Use a dedicated least-privilege Notion integration token, protect ~/.config/notion/api_key, confirm the hard-coded database IDs match your workspace, and read confirmation prompts carefully before approving writes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 81% confidence
Finding: Broad trigger phrases like '这是个好想法' can overlap with ordinary conversation and may unintentionally initiate a write-oriented workflow. In a persistence skill connected to an external SaaS, accidental activation can cause unintended storage of user content or metadata in Notion.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The update-status table includes vague natural-language phrases such as '进行中' or '不要了' that are common in everyday conversation and could map to destructive or state-changing actions. This raises the risk of unintended record modification or archival in the connected Notion workspace.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal