Notion IM Helper
Review
Audited by ClawScan on May 10, 2026.
Overview
This is mostly a Notion sync helper, but it can write and delete Notion content and may search beyond the stated single target page unless carefully scoped.
Install only if you are comfortable giving it a Notion integration token. Use a dedicated integration connected only to the intended page, require explicit prefixes before recording, be cautious with undo, and verify the Python upload dependency before using local image uploads.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages the user did not intend to save could be written into their Notion page.
The agent is instructed to treat otherwise unmatched messages as Notion records, so ordinary chat text could be appended to Notion without an explicit recording prefix or confirmation.
Smart Detection (no prefix matched → AI infers) ... Otherwise → idea
Require explicit record prefixes or a confirmation step before writing unprefixed messages to Notion.
Using undo could remove existing Notion content, contradicting the append-only safety expectation.
If the pending undo batch is absent or expired, the code deletes the current last block on the target page, not necessarily a block created by this skill.
No pending batch, delete single last block ... result = api_request("DELETE", f"blocks/{block_id}")
Limit undo to block IDs created by this skill, avoid fallback deletion of arbitrary last blocks, and ask for confirmation before any delete.
Search results may include titles or URLs from other Notion pages that the integration can access, not just the intended record page.
The search command uses Notion's account-level search endpoint with the integration token and does not constrain results to NOTION_PARENT_PAGE_ID.
req = urllib.request.Request(f"{BASE_URL}/search", data=data, headers=get_headers(), method="POST")
Use a dedicated Notion integration connected only to the target page, or change search to read/filter only the configured page.
Installing an unverified upload helper could expose the Notion token or selected files.
Optional image upload depends on an additional Python package that receives the Notion token and local file path; users should verify this dependency because it is not part of the included source.
from notion_upload import notion_upload as nu ... uploader = nu(file_path, file_name, API_KEY, enforce_max_size=True)
Document and pin the upload dependency, or review/vendor the upload implementation before using local image upload.
Any local image path supplied to the skill may be uploaded to Notion's servers.
The skill clearly discloses that user-selected local images are sent to Notion; this is purpose-aligned, but it is a sensitive data transfer.
Local files are uploaded to Notion servers via the File Upload API
Only provide image files you intend to store in Notion, and avoid sending sensitive local paths or files accidentally.
Monthly summaries or random quote commands may expose Notion page content to the chat/LLM context.
The monthly summary path retrieves all child blocks from the configured Notion page for summarization, bringing page contents into the agent context.
all_blocks.extend(result["results"])
Use the summary feature only on pages whose contents are appropriate for agent processing, or add filtering/redaction for sensitive records.
