v1.0.0

Notion

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:53 AM.

Analysis

This Notion skill is coherent and disclosed, but users should recognize that it needs a Notion API token and an external CLI that can read or change shared Notion content.

Guidance: Before installing, create a dedicated Notion integration token, share only the pages or databases you want the agent to access, verify the external Notion CLI package you install, and review any content or schema changes before applying them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
notion-cli block append <page_id> --markdown "..."
notion-cli page create --parent <page_id> --title "..."
notion-cli page update <page_id> --props <json>
notion-cli db schema apply <database_id> --desired <json>

The skill documents CLI operations that can modify Notion pages, database rows, and schemas. These actions are expected for the stated purpose and the schema section requires explicit confirmation, but users should notice the mutation authority.

User impact: If used on the wrong page or database, the agent could add or change Notion content that other people may rely on.
Recommendation: Share the integration only with intended pages or databases, review planned changes before applying them, and require confirmation for schema or bulk updates.
Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
The skill is declarative: it documents safe, recommended operations and assumes a local CLI (`notion-cli`) that actually performs API calls.

The actual API behavior is delegated to an external local CLI that is not included or pinned in the artifact set. This is disclosed and central to the skill, but users should choose the CLI source carefully.

User impact: A malicious or wrong CLI package could mishandle the Notion token or perform unintended actions.
Recommendation: Install a well-known, maintained Notion CLI from a trusted source, review its permissions, and avoid installing similarly named packages from untrusted registries.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Copy the Internal Integration Token.
Export it as:

export NOTION_API_KEY=secret_xxx

Share the integration with the pages or databases you want to access.
Unshared content is invisible to the API.

The skill requires a Notion integration token, which is purpose-aligned for the official API. The instructions also explain the intended access boundary: only shared Notion content is visible.

User impact: The token can allow reading or modifying Notion pages and databases that have been shared with the integration.
Recommendation: Create a dedicated Notion integration, share only the minimum required pages or databases, and rotate the token if it is exposed.