Skill v1.0.0

ClawScan security

Notion Workflows · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 15, 2026, 3:45 AM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description (browser/Playwright automation of Notion) is plausible, but the instructions reference missing scripts/assets and rely on undeclared dependencies and broad page-snapshot actions that could read or export arbitrary Notion content—the gaps make the package incoherent and worth caution.
Guidance
This skill behaves like a browser automation helper for Notion but has gaps that make it unclear what will actually run. Before installing: (1) ask the maintainer to provide the missing scripts/assets (notion-scrape.py, templates) and a clear manifest of required binaries (Playwright, browsers, Python/Node versions); (2) ask how authentication is handled and whether any data is sent to external endpoints; (3) if you test it, do so with a non-sensitive/test Notion account first; (4) avoid enabling autonomous invocation until the author clarifies the missing files and exact operations the skill will perform. If the author cannot supply the missing artifacts and dependency list, treat the skill as untrusted.

Review Dimensions

Purpose & Capability
concern: The skill says it automates Notion via browser/Playwright and references helper scripts/templates, but the registry shows no code files for those scripts/assets and it declares no required binaries or credentials. Running Playwright/browser-driven workflows would normally require browser/runtime dependencies that are not declared, so the declared requirements do not match the stated capability.
Instruction Scope
concern: SKILL.md tells the agent to open notion.so, perform auth if needed, snapshot pages/DBs, parse structure, fill rows and export PDFs/snapshots. Those instructions allow reading and exporting arbitrary Notion content the current session can access. The instructions are broad and vague (e.g., "snapshot page/DB", "auth if needed") and reference scripts (notion-scrape.py) and assets that are not present, which is inconsistent and increases risk.
Install Mechanism
note: There is no install spec (instruction-only), which minimizes on-disk installs. However, the workflow explicitly depends on browser/Playwright tooling and external scripts/templates that are not provided or declared; that missing dependency information is a gap rather than safe evidence.
Credentials
note: The skill declares no environment variables or credentials. That is internally consistent with using the user's browser session for auth, but the instructions still allow access to all Notion content reachable in that session. The lack of declared credentials or permissions means there is no explicit limitation on what data may be read or exported.
Persistence & Privilege
ok: "always" is false and the skill is user-invocable; it does not request persistent system-wide presence or modification of other skills. Autonomous invocation is allowed (platform default), which combined with the broad instructions increases the potential impact but is not itself unusual.