Trusted — Risk Score 5/100
Last scan: 2 days ago
notion-time-management-matrix
A to-do management skill that uses exec to call a Python script to connect to a specified Notion database and manage time according to the four-quadrant rule.
This is a legitimate Notion API integration skill for four-quadrant time management with no malicious behavior or undeclared capabilities.
Skill Name: notion-time-management-matrix
Duration: 28.9s
Engine: pi
Safe to install
This skill is safe to use. All operations are declared, necessary, and directly related to its documented purpose of managing Notion tasks.

Findings 1 items

Severity: Low
Finding: Local state file persistence
Location: scripts/notion_quadrant_manager.py:69
The skill creates a local state file (notion_quadrant_manager_state.json) for caching database connection and field mappings. This is transparent and documented.
    STATE_PATH.write_text(json.dumps(state, ensure_ascii=False, indent=2), encoding='utf-8')
→ No action needed - state file is necessary for performance and documented in SKILL.md
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | Reads ~/.config/notion/api_key for credentials - declared in SKILL.md
Filesystem | WRITE | WRITE | ✓ Aligned | Creates notion_quadrant_manager_state.json in script directory - declared in SKI…
Network | READ | READ | ✓ Aligned | Only accesses https://api.notion.com/v1 - legitimate API usage
Shell | WRITE | WRITE | ✓ Aligned | Executes python3 scripts - declared in SKILL.md
Environment | NONE | NONE | | API key stored in file, not environment variables
1 finding
Medium External URL
https://api.notion.com/v1
scripts/notion_quadrant_manager.py:14

File Tree

2 files · 42.0 KB · 1265 lines
Python 1f · 1055L Markdown 1f · 210L
├─ 📁 scripts
│ └─ 🐍 notion_quadrant_manager.py Python 1055L · 35.2 KB
└─ 📝 SKILL.md Markdown 210L · 6.8 KB

Dependencies 1 items

Package | Version | Source | Known Vulns | Notes
requests | * | pip | No | Standard HTTP library, version not pinned but no network exfiltration

Security Positives

✓ All network requests go to legitimate Notion API endpoint (https://api.notion.com/v1)
✓ No credential exfiltration - API key stored locally and only used for Notion API
✓ No hidden functionality - all capabilities match documentation
✓ No base64, eval, or obfuscation patterns
✓ No remote script execution (curl|bash, wget|sh)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No environment variable enumeration for credentials
✓ Clean code with proper error handling
✓ MIT license, versioned (0.1.2), identifiable author