Notion
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: notion-api-skill
Version: 1.0.10
The skill provides a managed OAuth integration for the Notion API through a third-party proxy service (api.maton.ai). The documentation in SKILL.md is comprehensive and includes explicit safety instructions for the AI agent, such as requiring user confirmation for all write operations and verifying connection IDs. No evidence of malicious intent, data exfiltration, or unauthorized execution was found; the code and instructions are consistent with the stated purpose of providing a simplified interface for Notion workspace management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and authorizing this skill can let the agent access Notion workspace content and, with confirmation, modify or delete Notion resources.
The skill uses delegated Notion OAuth access and can read and mutate workspace resources. This is expected for the stated purpose and is disclosed, but it grants meaningful account authority.
Access the Notion API with managed OAuth authentication. Query databases, search pages, and read workspace content. All write operations (creating, updating, or deleting pages, blocks, and databases) require explicit user confirmation.
Authorize only the intended Notion workspace/pages, use the intended connection ID, review all write/delete requests carefully, and revoke the connection when no longer needed.
A mistaken or insufficiently reviewed API call could create, update, or delete the wrong Notion page, block, or database.
The skill exposes a broad native Notion API path including write methods. The artifact includes an explicit confirmation boundary, so this is purpose-aligned but still worth user attention.
https://api.maton.ai/notion/{native-api-path} ... Write operations (POST, PATCH, DELETE) must only be executed after the user confirms the target page/database ID and intended connection.
Use read-only/search actions by default, and require explicit confirmation of the exact page/database ID, operation, and connection before any write.
Notion queries and returned workspace content may be processed through Maton's service rather than going directly from the agent to Notion.
Notion requests and responses pass through Maton's API gateway, and Maton handles OAuth token injection. This is disclosed and central to managed OAuth, but it is an external data boundary.
Maton proxies requests to `api.notion.com` and automatically injects your OAuth token.
Install only if you trust Maton to broker Notion access, and avoid granting access to highly sensitive Notion content unless necessary.
If you install the optional CLI, you are trusting software outside this instruction-only skill package.
The skill documents optional global CLI installation from external package managers. There is no automatic install spec or bundled code to review here, so this is a user-directed setup note rather than a concern.
npm install -g @maton-ai/cli ... brew install maton-ai/cli/maton
Verify the Maton CLI package/source before installing, or use the documented direct API/Python approach if you do not need the CLI.
