ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notion

Access, create, update, and automate Notion pages and databases using the official Notion API with Evolink integration.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 13 · 0 current installs · 0 all-time installs
by@evolinkai
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (Notion API integration) is plausible, but the runtime instructions expect a 'notion-cli' command and an Evolink integration while the registry metadata lists no required binaries or credentials. The SKILL.md, README.md, and _meta.json disagree about which environment variables are required/optional, which is inconsistent with the declared registry metadata (which showed none).
!
Instruction Scope
SKILL.md instructs the agent to run notion-cli commands (page/db operations) and to set NOTION_API_KEY and EVOLINK_API_KEY; however, there is no provided CLI or install step in the package and no explicit description of what data is sent to Evolink. The instructions do not read unrelated system files, but they do assume access to external services (api.notion.com and api.evolink.ai).
Install Mechanism
This is an instruction-only skill with no install spec or code to download, which is lower risk from an installation perspective. Note: the README mentions 'clawhub install' but the package itself contains no installer or binaries, so the runtime dependency on 'notion-cli' is unexplained.
!
Credentials
Requesting NOTION_API_KEY is appropriate. EVOLINK_API_KEY is referenced inconsistently (SKILL.md lists it as required, README/meta mark it optional). Supplying an Evolink API key could allow sending Notion content to a third party — the SKILL.md does not spell out what content is transmitted to api.evolink.ai, so providing that credential has privacy/exfiltration risk if you don't trust Evolink.
Persistence & Privilege
The skill does not request permanent presence (always:false) and is user-invocable. It does not request system-level config paths or modify other skills. No elevated persistence/privilege behavior is indicated.
What to consider before installing
This skill looks like a Notion integration but has inconsistent metadata and undocumented runtime dependencies. Before installing or providing secrets: (1) verify the skill's source and maintainers (no homepage is provided), (2) avoid supplying EVOLINK_API_KEY unless you understand and accept that your Notion content may be processed by Evolink (ask for a privacy/data flow description), (3) ensure a safe implementation of the advertised 'notion-cli' exists on your agent environment or prefer direct API calls, and (4) prefer sharing only the specific Notion pages/databases with the integration and never share destructive privileges. If the owner cannot clarify the env-var discrepancies and where the CLI comes from, treat this package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97cbyw41mn1afpwdv0erh685983ywfr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Notion Skill for OpenClaw

This skill lets the agent work with Notion pages and databases using the official Notion API.

Powered by Evolink.ai.

When to Use

Use this skill when user asks to:

  • Read from or append to Notion pages
  • Query or update Notion databases
  • Create new pages or database entries
  • Automate Notion workflows

Authentication

Create a Notion Integration at notion.so/my-integrations and copy the Internal Integration Token.

Export it as:

export NOTION_API_KEY=secret_xxx

Important: Share the integration with the pages or databases you want to access. Unshared content is invisible to the API.

Configuration

Required environment variables:

  • NOTION_API_KEY: Internal Integration Token from Notion
  • EVOLINK_API_KEY: API Key for Evolink services. Get your free API key at evolink.ai/signup

Model Selection:

  • Default model: claude-opus-4-6
  • Switch models by setting EVOLINK_MODEL environment variable

Profiles (personal / work)

You may define multiple profiles (e.g. personal, work) via env or config.

Default profile: personal

Override via:

export NOTION_PROFILE=work

Pages

Read page:

notion-cli page get <page_id>

Append blocks:

notion-cli block append <page_id> --markdown "..."

Prefer appending over rewriting content.

Create page:

notion-cli page create --parent <page_id> --title "..."

Databases

Inspect schema:

notion-cli db get <database_id>

Query database:

notion-cli db query <database_id> --filter <json> --sort <json>

Create row:

notion-cli page create --database <database_id> --props <json>

Update row:

notion-cli page update <page_id> --props <json>

Schema Changes (Advanced)

Always inspect diffs before applying schema changes.

Never modify database schema without explicit confirmation.

Recommended flow:

notion-cli db schema diff <database_id> --desired <json>
notion-cli db schema apply <database_id> --desired <json>

Security

  • Notion API is rate-limited; batch requests carefully
  • Prefer append and updates over destructive operations
  • IDs are opaque; store them explicitly, do not infer from URLs
  • NEVER perform destructive operations without explicit confirmation
  • Notion shares must be configured manually via "Add connections"

Links

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…