Scan Report
5/100
diy-pc-ingest
Ingest pasted PC parts purchase/config text into Notion DIY_PC tables
A legitimate PC parts inventory ingestion tool for Notion with transparent behavior, declared dependencies, and no malicious indicators.
OK to install
This skill is safe to use. No security concerns identified.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | Scripts only call Notion API |
| File system | NONE | NONE | — | No file writes, only reads local config |
| Command execution | WRITE | WRITE | ✓ Consistent | execFileSync calls notionctl.mjs (declared in metadata) |
| Environment variables | READ | READ | ✓ Consistent | Reads NOTION_API_KEY and NOTION_VERSION |
2 findings
Medium · External URL · https://www.notion.so/my-integrations · README.md:32
Medium · External URL · https://api.notion.com/v1 · scripts/_deprecated/notion_apply_records.py:29
Directory structure
6 files · 51.9 KB · 1456 lines
Python 1f · 576L
JavaScript 1f · 485L
Markdown 3f · 363L
JSON 1f · 32L
├─ references
│  ├─ config.example.json (JSON)
│  └─ notion-ids.md (Markdown)
├─ scripts
│  ├─ _deprecated
│  │  └─ notion_apply_records.py (Python)
│  └─ notion_apply_records.js (JavaScript)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependency analysis: 2 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| node (binary) | any | system | No | Declared required dependency |
| notion-api-automation (skill) | latest | clawhub | No | Declared skill dependency |
Security highlights
✓ No obfuscation or encoded payloads detected
✓ No credential exfiltration - API key used only for Notion API calls
✓ No reverse shell, C2 communication, or data theft patterns
✓ Network access limited to declared Notion API endpoint
✓ Shell execution is minimal and controlled (execFileSync for notionctl)
✓ Local config files (~/.config) are legitimate for skill configuration
✓ Web enrichment is optional and user-controlled
✓ All Notion IDs passed as CLI arguments (not hardcoded)