Notion API 2026 01 15

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: notion-2026-01-15
Version: 1.0.1

The skill bundle is benign. It provides instructions and examples for interacting with the Notion API, including setup for storing and using an API key from `~/.config/notion/api_key`. All network requests in `SKILL.md` are directed to the official Notion API endpoint (`https://api.notion.com/v1/`). There is no evidence of prompt injection against the agent, data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. The file access is limited to the explicitly defined API key file for its stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent process that can read that local key may be able to access or modify Notion pages and databases shared with the integration.

Why it was flagged

The skill instructs users to store a Notion integration token locally and later use it as a bearer token for Notion API calls. This is expected for the stated purpose, but it grants delegated access to shared Notion content.

Skill content

Copy the API key (starts with `ntn_` or `secret_`) ... echo "ntn_your_key_here" > ~/.config/notion/api_key

Recommendation

Share only the necessary Notion pages or databases with the integration, protect the local key file, and revoke or rotate the token if it is no longer needed.

What this means

A mistaken page ID, database ID, or template operation could move, lock, update, or erase content in a Notion workspace.

Why it was flagged

The skill documents direct Notion API calls that can change account data, including an explicitly content-erasing update. This is disclosed and aligned with the Notion management purpose, but it is high-impact if used on the wrong page.

Skill content

**Apply Template to existing page (erasing content):** ... "erase_content": true

Recommendation

Require explicit confirmation before running update, move, lock, or erase-template operations, and verify target IDs before sending API requests.