Is kitakitsune0x/openclaw-notion-sync safe?

https://github.com/openclaw/skills/tree/main/skills/kitakitsune0x/openclaw-notion-sync

Score: 82 (SAFE)

This Notion sync skill is functionally legitimate but poses privacy risks if used carelessly: because its default ignore patterns are inadequate, it could inadvertently sync sensitive files to Notion. The skill accessed canary files during the audit but did not exfiltrate them.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 50/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 80/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

HIGH Potential sensitive file exposure to Notion -40

The skill syncs workspace files to Notion but could inadvertently upload sensitive files (credentials, SSH keys, etc.) if they exist in the sync directory. The tool reads file contents and transmits them to Notion's API.

MEDIUM Inadequate default ignore patterns -10

The default ignore patterns do not cover common sensitive file types. The only default ignores are: node_modules, .git, dist, .notion-sync.json, *.lock, .log. There are no patterns for .env files, credential files, SSH keys, etc.

LOW Accessed canary files during audit -20

The skill accessed honeypot files during monitoring but did not exfiltrate their contents. Files were opened and read but remained intact.

LOW Executable CLI tool -10

The skill installs as an executable CLI tool that can be run from the command line. While benign, this adds executable code to the system.

INFO Privacy implications of sync functionality -25

The core functionality involves reading local files and uploading them to a third-party service (Notion). Users must be careful about what directories they sync and properly configure ignore patterns.