Vibe Notion
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This Notion skill is purpose-aligned, but it asks to use an unreviewed npm CLI that auto-extracts your Notion desktop session token, can make broad workspace changes, and stores persistent workspace memory.
Before installing, decide whether you trust the external `vibe-notion` npm package with your Notion account. Expect it to extract and store your Notion desktop token, read and modify workspace content as you, and keep persistent local memory. Require explicit confirmation before any delete, archive, schema update, replace-content, comment posting, upload, or bulk batch operation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using this skill can give the CLI user-level access to the user's Notion workspaces, including private pages and workspace mutations.
The skill uses the user's Notion desktop session token, acts with the user's identity, and persists that credential locally, while registry metadata declares no primary credential.
Auth | `token_v2` auto-extracted from Notion desktop app ... Identity | Acts as the user ... The extracted `token_v2` is stored at `~/.config/vibe-notion/credentials.json`
Use only if you trust this package with your Notion account; prefer the official Notion API/integration-token flow where possible, and inspect or remove `~/.config/vibe-notion/credentials.json` if you uninstall.
The agent could modify or delete Notion database structure based on generated hints rather than a direct user request.
The skill tells the agent to execute suggested commands from CLI output, including destructive database property deletion, without requiring explicit user review.
When `$hints` is present: Read each hint carefully and execute the suggested fix commands ... Fix: run `database delete-property <database_id> ...`
Treat hints as advisory only; require explicit user confirmation before delete, archive, replace-content, schema-change, comment-posting, or bulk batch operations.
Workspace identifiers, page/database names, and user preferences may persist across tasks and influence later actions even when the current user did not restate them.
The skill creates cross-session persistent memory for Notion workspace structure and preferences, but does not define retention, consent, validation, or poisoning controls.
At the start of every task, read `~/.config/vibe-notion/MEMORY.md` ... After discovering useful information, update ... Workspace IDs ... Page IDs ... Database/collection IDs ... User-given aliases
Review this memory file periodically, delete stale or sensitive entries, and avoid storing page contents or confidential workspace details unless the user explicitly wants that.
The most sensitive code path is not reviewable from the provided artifacts, so the user must trust the external package with Notion account access.
The main CLI is installed from an external npm package with no source/homepage provided in the registry context, and that CLI is responsible for private API access and token handling.
Source: unknown; Homepage: none; Install specifications: node | package: vibe-notion | creates binaries: vibe-notion
Audit the npm package and its source before use, pin a known-good version, and avoid installing it in environments where Notion workspace access is highly sensitive.
