notion
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation instructs users to execute remote scripts by piping
curloutput directly intobash. This pattern (curl -sSL https://canifi.com/skills/notion/install.sh | bash) allows the remote server to execute arbitrary code on the user's machine without prior inspection. - Evidence: Found in
SKILL.mdunder the 'Quick Install' and 'Setup' sections. - COMMAND_EXECUTION (HIGH): The use of shell-based installation and environment configuration tools (
canifi-env) implies the execution of privileged system commands. Since these scripts originate from an untrusted source, they pose a significant threat to system integrity. - CREDENTIALS_UNSAFE (HIGH): The skill encourages users to store sensitive information, including plain-text passwords (
SERVICE_PASSWORD), in environment variables. While it claims these are local, the use of custom scripts to manage them increases the attack surface for credential theft. - Evidence: Found in the 'Option 2: Environment Variables' section of
SKILL.md. - EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on multiple external scripts hosted on
canifi.com, which is not a verified or trusted source (e.g., official GitHub organizations). This introduces a supply chain risk where the domain or scripts could be compromised.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/notion/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata