Vibe Notionbot

Warn
Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly an official Notion API integration, but its instructions also steer the agent toward a sibling unofficial CLI that drives Notion's private API with the user's desktop session instead of the declared bot-style API flow.

Use caution before installing. If you want the official Notion API bot, ensure the agent only runs `vibe-notionbot` with a least-privileged `NOTION_TOKEN`, never the sibling `vibe-notion` private-API flow. Confirm destructive or bulk operations manually, and keep in mind that the npm package's code was not among the review artifacts, so its behaviour was not inspected.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe they are granting a scoped Notion integration token, while the agent is guided toward a broader user-session-based path whenever one is available.

Why it was flagged

The skill is presented as an official API bot, but the decision flow recommends a different CLI that uses a private API and the user's identity. That is a material mismatch in the authority a user would expect.

Skill content

API | Unofficial private API ... Auth | `token_v2` auto-extracted from Notion desktop app ... Identity | Acts as the user ... If both are available → prefer `vibe-notion`

Recommendation

Remove the `vibe-notion` decision flow from this skill or split it into a separate, clearly labeled skill that requires explicit user opt-in for private API and desktop-session use.

What this means

The agent could operate with the user's Notion account privileges rather than a scoped bot integration, increasing the blast radius of mistakes or misuse.

Why it was flagged

Reading or using a local Notion desktop session token and acting as the user grants high-impact account authority, and it exceeds the stated `vibe-notionbot` official-bot integration model.

Skill content

Auth | `token_v2` auto-extracted from Notion desktop app ... Identity | Acts as the user

Recommendation

Use only the least-privileged `NOTION_TOKEN` integration flow for this skill, declare the credential requirement in metadata, and do not auto-extract local user session tokens.

What this means

Incorrect IDs, prompts, or batch files could alter or archive many Notion pages or database records.

Why it was flagged

The CLI exposes persistent Notion mutation and bulk-operation capabilities. This is purpose-aligned for a Notion management skill, but users should understand the impact before allowing broad or destructive commands.

Skill content

Replace all content on a page with new markdown ... Archive (delete) a page ... The `batch` command already handles bulk operations of any size.

Recommendation

Ask for explicit user confirmation before destructive, replacement, or bulk operations, and show the target pages/databases before making changes.
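One way an agent harness can enforce the three recommendations above together (run only the official bot binary, only with a scoped `NOTION_TOKEN`, and only after confirmation for destructive or bulk commands) is a pre-execution guard like the one below. This is an added example written for this review, not code from vibe-notionbot, vibe-notion, or ClawScan. It assumes that `batch` is the bulk subcommand (SKILL.md names it), that `archive`, `delete` and `replace*` are placeholder names to be mapped to the real CLI's subcommands, and that Notion integration tokens carry the `ntn_` prefix (or `secret_` for older tokens).

```python
"""Pre-execution guard for agent-issued Notion CLI commands.

Added example for this review, not part of vibe-notionbot or vibe-notion.
Assumptions: `batch` is the bulk subcommand (named in SKILL.md); the other
destructive subcommand names are placeholders for whatever the real CLI uses;
Notion integration tokens start with `ntn_` (or `secret_` for older ones).
"""
import re
import shlex
from dataclasses import dataclass

ALLOWED_BINARY = "vibe-notionbot"       # official API bot, authenticates with NOTION_TOKEN
PRIVATE_API_BINARIES = {"vibe-notion"}  # unofficial CLI, reuses the desktop session as the user
INTEGRATION_TOKEN = re.compile(r"^(ntn_|secret_)[A-Za-z0-9]+$")
# Subcommands that persist or destroy data. Only `batch` comes from SKILL.md;
# archive/delete/replace* are assumed names and must be mapped to the real CLI.
DESTRUCTIVE = re.compile(r"^(batch|archive|delete|replace\w*)$")


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_confirmation: bool = False
    targets: tuple = ()  # arguments to show the user before they confirm


def review_command(cmdline: str, env: dict, confirmed: bool = False) -> Decision:
    """Decide whether the harness may run `cmdline` with environment `env`."""
    argv = shlex.split(cmdline)
    if not argv:
        return Decision(False, "empty command")
    binary = argv[0].rsplit("/", 1)[-1]
    if binary in PRIVATE_API_BINARIES:
        return Decision(False, f"{binary} drives the private API with the user's desktop session")
    if binary != ALLOWED_BINARY:
        return Decision(False, f"unexpected binary {binary!r}")
    token = env.get("NOTION_TOKEN", "")
    if not token:
        # Refuse outright rather than let the tool fall back to a desktop-session token.
        return Decision(False, "NOTION_TOKEN is not set; not falling back to a desktop session")
    if not INTEGRATION_TOKEN.match(token):
        return Decision(False, "NOTION_TOKEN does not look like a scoped integration token")
    sub = argv[1] if len(argv) > 1 else ""
    if DESTRUCTIVE.match(sub):
        targets = tuple(argv[2:])
        if not confirmed:
            return Decision(False, f"{sub!r} mutates or archives Notion data; confirm targets first",
                            needs_confirmation=True, targets=targets)
        return Decision(True, f"{sub!r} confirmed by user", targets=targets)
    return Decision(True, "non-destructive command with a scoped integration token")


if __name__ == "__main__":
    env = {"NOTION_TOKEN": "ntn_exampletoken123"}
    for cmd in ("vibe-notion search roadmap",
                "vibe-notionbot search roadmap",
                "vibe-notionbot batch ./ops.json"):
        print(cmd, "->", review_command(cmd, env))
```

The guard returns the arguments of a destructive command as `targets` so the harness can display exactly what will be touched before asking the user to confirm; a second call with `confirmed=True` then lets it through.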

What this means

Installing the skill pulls in and runs code from an external npm package that was not visible in these artifacts; npm packages can also run install-time scripts before the CLI is ever invoked.

Why it was flagged

The skill depends on an external Node package, while the provided artifacts contain only `SKILL.md` and no code for the scanner to inspect. This is common for CLI-based skills but limits review coverage.

Skill content

node | package: vibe-notion | creates binaries: vibe-notionbot

Recommendation

Install only from a trusted package source, pin or verify the package version, and review the package repository before using it with Notion credentials.
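A concrete form of "pin or verify the package version" is to check, before installing, that package.json declares an exact version and that the lockfile entry carries an integrity hash and resolves to the expected registry. The following is an added example written for this review, not code from the vibe-notion project; the package.json and package-lock.json samples are constructed, and the version number and hash in them are placeholders rather than the real package's values.

```python
"""Verify an npm dependency is pinned and integrity-locked before `npm ci`.

Added example for this review, not part of vibe-notion. The package.json and
package-lock.json samples below are constructed; the version and hash are
placeholders, not the real package's values.
"""
import json
import re

EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")  # rejects ^, ~, x, *, ranges and dist-tags
TRUSTED_REGISTRY = "https://registry.npmjs.org/"


def check_pin(package_json: str, lock_json: str, name: str) -> list:
    """Return the list of problems found; an empty list means the pin is acceptable."""
    problems = []
    pkg = json.loads(package_json)
    deps = {**pkg.get("dependencies", {}), **pkg.get("devDependencies", {})}
    spec = deps.get(name)
    if spec is None:
        problems.append(f"{name} is not declared in package.json")
    elif not EXACT_VERSION.match(spec):
        problems.append(f"{name} is declared as {spec!r}; pin an exact version")
    # lockfileVersion 2 and 3 record each installed package under "packages"
    entry = json.loads(lock_json).get("packages", {}).get(f"node_modules/{name}")
    if entry is None:
        problems.append(f"{name} has no entry in package-lock.json")
        return problems
    if spec and EXACT_VERSION.match(spec) and entry.get("version") != spec:
        problems.append(f"lockfile has {entry.get('version')} but package.json pins {spec}")
    if not str(entry.get("integrity", "")).startswith("sha512-"):
        problems.append("no sha512 integrity field; npm cannot verify the tarball it installs")
    if not str(entry.get("resolved", "")).startswith(TRUSTED_REGISTRY):
        problems.append(f"resolved from {entry.get('resolved')!r}, not the trusted registry")
    return problems


# Constructed samples: a correct pin, and a loose range with a drifted lockfile.
SAMPLE_PACKAGE_JSON = json.dumps({"dependencies": {"vibe-notion": "1.2.3"}})
SAMPLE_LOCK_OK = json.dumps({"lockfileVersion": 3, "packages": {
    "node_modules/vibe-notion": {
        "version": "1.2.3",
        "resolved": "https://registry.npmjs.org/vibe-notion/-/vibe-notion-1.2.3.tgz",
        "integrity": "sha512-" + "A" * 86 + "==",  # placeholder hash
    }}})
LOOSE_PACKAGE_JSON = json.dumps({"dependencies": {"vibe-notion": "^1.2.3"}})
SAMPLE_LOCK_BAD = json.dumps({"lockfileVersion": 3, "packages": {
    "node_modules/vibe-notion": {
        "version": "1.4.0",
        "resolved": "https://example.invalid/vibe-notion-1.4.0.tgz",
    }}})

if __name__ == "__main__":
    print("pinned:", check_pin(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK_OK, "vibe-notion"))
    print("loose:", check_pin(LOOSE_PACKAGE_JSON, SAMPLE_LOCK_BAD, "vibe-notion"))
```

Run the check against the real files, then install with `npm ci --ignore-scripts`, which installs exactly what the lockfile records and skips the package's install-time scripts; review the package repository before running the resulting binary with a `NOTION_TOKEN`.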

What this means

Local markdown files and images may be sent to the connected Notion workspace.

Why it was flagged

The skill can read selected local files and upload their content or referenced images to Notion. This is disclosed and purpose-aligned, but it is still a data-boundary event.

Skill content

Create a page with markdown from a file ... `--markdown-file ./content.md` ... local images (auto-uploaded to Notion)

Recommendation

Use file-upload commands only with files intended for Notion, and review markdown files for embedded or referenced sensitive content before uploading.
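The review step above can be automated as a preflight that lists which local images the upload would carry along, flags any reference that resolves outside the intended content directory, and scans for strings that look like credentials. This is an added example written for this review, not code from vibe-notionbot; the sample markdown is constructed, and the secret patterns are a small illustrative set (Notion integration tokens assumed to carry the `ntn_` or `secret_` prefix, AWS access key IDs, PEM private-key headers, bearer tokens), not an exhaustive scanner.

```python
"""Pre-upload review of a markdown file bound for Notion.

Added example for this review, not part of vibe-notionbot. Reports local image
references (which the CLI would upload), any reference that escapes the content
directory, and strings that look like credentials. The sample markdown is constructed.
"""
import os
import re

IMAGE_REF = re.compile(r"!\[[^\]]*\]\(([^)\s]+)\)")     # ![alt](target)
LINK_REF = re.compile(r"(?<!!)\[[^\]]*\]\(([^)\s]+)\)")  # [text](target), not an image
URL_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://")
SECRET_PATTERNS = {  # illustrative set; assumed token formats, not an exhaustive scanner
    "notion integration token": re.compile(r"\b(?:ntn_|secret_)[A-Za-z0-9]{20,}"),
    "aws access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._-]{20,}"),
}


def _escapes(content_dir: str, target: str) -> bool:
    """True if `target`, resolved relative to content_dir, lands outside it."""
    base = os.path.abspath(content_dir)
    resolved = os.path.abspath(os.path.join(base, os.path.expanduser(target)))
    return not (resolved == base or resolved.startswith(base + os.sep))


def preflight(markdown: str, content_dir: str = ".") -> dict:
    """Return {'images': [...], 'escapes': [...], 'secrets': [(kind, line), ...]}."""
    report = {"images": [], "escapes": [], "secrets": []}
    for m in IMAGE_REF.finditer(markdown):
        target = m.group(1)
        if URL_SCHEME.match(target):
            continue  # remote image: Notion fetches it, nothing leaves local disk
        report["images"].append(target)
        if _escapes(content_dir, target):
            report["escapes"].append(target)
    for m in LINK_REF.finditer(markdown):
        target = m.group(1)
        if target.startswith("file://"):
            report["escapes"].append(target)  # points at a local path; confirm it is intended
    for lineno, line in enumerate(markdown.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                report["secrets"].append((kind, lineno))
    return report


# Constructed sample: one legitimate image, one path traversal, one local link, one token.
SAMPLE_MD = """# Release notes
![diagram](./img/arch.png)
![leaked](../../.ssh/id_rsa.pub)
See [runbook](file:///home/me/runbook.md) and [docs](https://example.com/docs).
Token used while testing: ntn_ABCDEFGHIJKLMNOPQRSTUVWXYZ123456
"""

if __name__ == "__main__":
    for key, items in preflight(SAMPLE_MD, "./content").items():
        print(f"{key}: {items}")
```

Anything in `escapes` or `secrets` should be removed or rewritten before the file is passed to the upload command; `images` is the list of local files that will leave the machine even when nothing is flagged.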