notion-api
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
================================================================================
🔴 VERDICT: HIGH
This skill presents a HIGH risk due to its reliance on an unverified external script that handles sensitive API keys and performs network operations. Without access to the script's source code, its behavior cannot be audited, posing a significant security risk.
Total Findings: 4
🔴 HIGH Findings:
• Unverifiable External Code
- SKILL.md: The skill's core functionality is implemented in node scripts/notion-api.mjs. This script is not provided for analysis within the skill's files. The _meta.json references a GitHub commit (https://github.com/clawdbot/skills/commit/4f73edc268e214239398383be1358315fecc5565), but the clawdbot GitHub organization is not on the list of trusted sources. The skill's primary executable code is therefore external and unverified, so neither its safety nor its intent can be ascertained from the skill package alone.
• Data Exfiltration Risk (Sensitive Credential Handling)
- SKILL.md: The skill instructs users to provide a Notion API key via the NOTION_KEY environment variable or by reading it from ~/.config/notion/api_key. While these are common methods for handling API keys, the unverified scripts/notion-api.mjs is the component that processes this sensitive credential. Without auditing the script, there is a high risk that the API key could be exfiltrated to an attacker-controlled server or otherwise misused.
ℹ️ INFO Findings:
• Indirect Prompt Injection Susceptibility
- SKILL.md: The skill interacts with the Notion API to search, query databases, and create pages, so it processes external data returned by Notion. If that data (e.g., page content, database entries) contains malicious instructions, it could lead to indirect prompt injection against the AI agent using this skill. This is a general risk for any skill that processes external, user-controlled content.
================================================================================
Recommendations
- AI detected serious security threats
Audit Metadata