ClawHub
Back to skill

Security audit

Notion助手

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Notion API helper, with expected read/write workspace abilities and no hidden installer, persistence, or unrelated behavior found.

Install only if you intend to connect an agent to your Notion workspace. Use a least-privilege Notion integration, share only the needed pages or databases with it, avoid hardcoding real API tokens, and confirm the exact target before allowing create or update actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation phrases are generic enough to match ordinary note-taking or knowledge-base requests, which can cause the skill to trigger when the user did not explicitly intend to use Notion. In this skill's context, unintended activation is more dangerous because the tool can query, create, and update remote Notion content, potentially sending workspace identifiers and content to an external API or modifying data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill does not warn users that page content, database IDs, search queries, and other workspace metadata will be transmitted to the Notion API and that remote pages or databases may be modified. This omission increases the risk of accidental data disclosure or unintended writes, especially because the skill includes create, update, search, and query capabilities against a live third-party workspace.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.