Notion
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned for Notion automation, but users should carefully scope Notion access, understand the Evolink data flow, and verify the undeclared `notion-cli` setup.
Before installing, create a dedicated Notion integration, share only the pages or databases needed, verify the `notion-cli` you use is trustworthy, and review all create/update/schema operations before allowing the agent to run them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could make real changes to shared Notion pages or databases if invoked with the right IDs and credentials.
The skill documents commands that can create or update Notion content and apply database schema changes. This is purpose-aligned, and the skill also tells users to inspect diffs and require explicit confirmation for schema/destructive actions.
notion-cli page create --database <database_id> --props <json> notion-cli page update <page_id> --props <json> notion-cli db schema apply <database_id> --desired <json>
Review create/update payloads before running them, require explicit confirmation for schema changes, and share only the minimum Notion pages or databases needed.
Anyone or any agent process with the Notion token can access and modify Notion content that has been shared with that integration.
The skill requires API credentials. A Notion integration token is expected for this purpose, and the artifact explains that access is limited to pages/databases shared with the integration.
Required environment variables: - `NOTION_API_KEY`: Internal Integration Token from Notion - `EVOLINK_API_KEY`: API Key for Evolink services.
Use a dedicated Notion integration, share only necessary pages/databases, store keys securely in environment variables, and rotate or revoke tokens when no longer needed.
If an unexpected or untrusted `notion-cli` is on the PATH, it could receive Notion-related commands and credentials.
The instructions rely on a `notion-cli` executable, but the supplied registry data says there are no required binaries and no install spec. Users need to verify which CLI implementation will actually run.
notion-cli page get <page_id>
Install `notion-cli` only from a trusted source, verify its documentation, and ensure the registry/install metadata accurately declares the dependency.
Some Notion-related content may be processed by external provider services depending on how the CLI and Evolink integration are implemented.
The skill discloses Notion and Evolink as external services, but the artifacts do not detail exactly what Notion content, prompts, or metadata may be sent to Evolink.
"description": "Notion API integration powered by Evolink AI for intelligent content processing", "externalServices": ["api.notion.com", "api.evolink.ai"]
Avoid sharing highly sensitive Notion pages unless necessary, review Evolink’s privacy/data-handling terms, and confirm what data the CLI sends to Evolink.