Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Notion Skill Publish
v1.0.1
Complete Notion API integration with Python CLI offering auto-pagination, recursive blocks, rate-limit retry, and agent operation strategies for efficient No...
⭐ 0· 79·0 current·0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, README, SKILL.md and the Python CLI source are coherent: this is a Notion API integration offering search, read, write, pagination, recursive block fetching, and rate-limit retry. The code calls only Notion endpoints (https://api.notion.com) and implements the features claimed.
Instruction Scope
SKILL.md instructs agents to use the included scripts/notion_api.py for all Notion operations and documents expected workflows and limits. The runtime instructions and the script stay within Notion-related operations; they do not reference unrelated external endpoints. The script does, however, read user config (~/.openclaw/openclaw.json) and environment variables for the API key — this is relevant and explicitly documented in SKILL.md.
Install Mechanism
There is no install spec (instruction-only with a bundled script). No third-party downloads or package installs are performed by the skill — low install risk.
Credentials
Registry metadata declares no required env vars or config paths, but SKILL.md and the script clearly require a Notion API key (NOTION_API_KEY) and will read ~/.openclaw/openclaw.json for skills.entries.notion-pro or notion. The skill should declare this primary credential/config path. Requesting a Notion API key is proportionate to the stated purpose, but the omission from metadata is an inconsistency that affects user consent and gating.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide changes. It reads its own OpenClaw config and environment variables but does not modify other skills or global settings. Autonomous invocation is allowed by default (normal).
What to consider before installing
This skill's code and docs implement a legitimate Notion CLI and only call the official Notion API, but the registry metadata does not list the credential and config file it actually uses. Before installing:
(1) expect to provide a Notion integration API key (ntn_xxx) and prefer a token scoped minimally;
(2) confirm where you will store the key — environment variable NOTION_API_KEY or ~/.openclaw/openclaw.json — and ensure the chosen storage meets your security policies;
(3) review scripts/notion_api.py yourself (it is included) to verify it only contacts https://api.notion.com and doesn't exfiltrate data elsewhere;
(4) consider creating a Notion integration with limited access and sharing only necessary pages/databases;
(5) ask the publisher to correct the registry metadata to declare NOTION_API_KEY (primary credential) and the config path so consent and gating work properly.
If you need higher assurance, run the skill in an isolated environment first or audit network traffic to confirm only Notion API calls occur.
Like a lobster shell, security has layers — review code before you run it.
latest vk9755px5kmr4wf3exz2aa0vs0d83fqab
