Notion API 2026 01 15

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Notion API instruction skill, but it uses a Notion API key and includes examples that can modify, move, lock, or erase Notion content.

Install this only if you want your agent to help operate the Notion API. Keep the Notion API key secure, connect the integration only to needed pages or databases, and tell the agent to ask before making destructive changes such as moving pages, locking pages, or applying templates that erase content.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent process that can read that local key may be able to access or modify Notion pages and databases shared with the integration.

Why it was flagged

The skill instructs users to store a Notion integration token locally and later use it as a bearer token for Notion API calls. This is expected for the stated purpose, but it grants delegated access to shared Notion content.

Skill content

Copy the API key (starts with `ntn_` or `secret_`) ... echo "ntn_your_key_here" > ~/.config/notion/api_key

Recommendation

Share only the necessary Notion pages or databases with the integration, protect the local key file, and revoke or rotate the token if it is no longer needed.

What this means

A mistaken page ID, database ID, or template operation could move, lock, update, or erase content in a Notion workspace.

Why it was flagged

The skill documents direct Notion API calls that can change account data, including an explicitly content-erasing update. This is disclosed and aligned with the Notion management purpose, but it is high-impact if used on the wrong page.

Skill content

**Apply Template to existing page (erasing content):** ... "erase_content": true

Recommendation

Require explicit confirmation before running update, move, lock, or erase-template operations, and verify target IDs before sending API requests.