Trust Assessment
notion-api received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Arbitrary file read via environment variable, Dynamic property name injection in Notion page creation, Unvalidated JSON body from user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary file read via environment variable The skill attempts to read the Notion API key from a file specified by the `NOTION_KEY_FILE` environment variable. If this variable is set to an arbitrary path (e.g., `/etc/passwd`, `/proc/self/environ`), the skill will attempt to read the content of that file. While the content is primarily intended for an API key, the ability to read arbitrary files from the system is a significant data exfiltration vulnerability. Remove the `process.env.NOTION_KEY_FILE` check. Only allow reading from the fixed `~/.config/notion/api_key` path or from the `NOTION_KEY` environment variable. If `NOTION_KEY_FILE` is absolutely necessary, implement strict validation to ensure the path is within an expected configuration directory and not arbitrary. | LLM | scripts/notion-api.mjs:21 | |
| MEDIUM | Dynamic property name injection in Notion page creation In the `cmdCreatePage` function, the `titleProp` argument, which is directly derived from user input (`--title-prop`), is used as a dynamic key in the Notion API request payload. An attacker could potentially inject arbitrary property names into the Notion page creation request, leading to unintended data manipulation, creation of unexpected properties, or potential bypass of Notion's data schema if not properly validated by the Notion API itself. Validate `titleProp` against a whitelist of expected property names or sanitize it to prevent injection of arbitrary keys. | LLM | scripts/notion-api.mjs:140 | |
| LOW | Unvalidated JSON body from user input The `cmdQuery`, `cmdAppendBlocks`, and `cmdUpdateBlock` functions directly parse and pass a JSON string provided by the user via the `--body` argument to the Notion API. While `JSON.parse` itself does not execute code, an LLM could be prompted to craft a malicious JSON payload designed to exploit potential vulnerabilities in the Notion API's interpretation of the data (e.g., unexpected data types, excessive data, or specific values that trigger unwanted behavior or resource exhaustion). This represents a risk of prompt injection leading to API abuse. Implement schema validation for the JSON body before passing it to the Notion API, especially for sensitive operations. Provide clear documentation on expected JSON structures and advise users against passing untrusted or unvalidated JSON. | LLM | scripts/notion-api.mjs:101 |
Scan History
Embed Code
[](https://skillshield.io/report/dc994259fae190f4)
Powered by SkillShield