Trust Assessment
better-notion received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Shell Execution | LLM | SKILL.md:28 |

Description: The skill package provides examples of shell commands, particularly `curl` commands, that are intended to interact with the Notion API. These commands often include dynamic placeholders (e.g., `{page_id}`, `{block_id}`, `{id}`) and JSON payloads that would typically be populated based on user input. If the host LLM constructs and executes these shell commands by directly interpolating untrusted user input without proper sanitization or validation, an attacker could inject malicious shell metacharacters (e.g., `;`, `|`, `$(...)`) into the command arguments. This could lead to arbitrary command execution on the host system, allowing for data exfiltration, system modification, or other malicious activities.

Recommendation: When generating and executing shell commands based on user input, ensure all dynamic parts are rigorously sanitized. For URL paths and query parameters, use URL encoding. For JSON payloads, ensure proper JSON serialization and escaping of special characters. Consider using a robust, language-specific Notion API client library instead of raw `curl` commands, as these libraries typically handle parameter sanitization and API interaction more securely, reducing the risk of injection vulnerabilities.
Full report: https://skillshield.io/report/5d237f5ced9e92cb