Skill v1.0.0

ClawScan security

Notion CLI – Command Line Interface based access to Notion for your agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious, Feb 11, 2026, 9:09 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The SKILL.md describes a Notion CLI that legitimately needs a Notion API key and is built from a third-party GitHub repository, but the registry metadata omits the required credential, and the instructions have the user clone, build and run third-party code. This mismatch and the build-from-source guidance warrant caution.
Guidance
This skill appears to be a wrapper for a third-party Notion CLI and reasonably requires your Notion integration key, but the registry metadata omits that requirement and the SKILL.md instructs cloning and building a GitHub repository. Before installing or running these commands:
1) Verify the GitHub repository and review its code: npm install executes any lifecycle scripts (preinstall, install, postinstall, prepare) the package declares, and the build step runs the repository's own code, so read package.json and the scripts it points to first.
2) Prefer the --api-key option for one-off runs rather than permanently storing the key in shell rc files, and create a scoped Notion integration with the minimum capabilities and page access it needs.
3) If you expect the skill to be self-contained, ask the publisher why the registry metadata does not declare NOTION_API_KEY.
4) If you cannot or will not review the repository, consider using an official Notion SDK or a skill that explicitly declares its required credentials and install mechanism.

Review Dimensions

Purpose & Capability
note: The skill name and SKILL.md are consistent with a Notion CLI (operations and examples match the Notion API). However, the registry metadata provides no description and does not declare the Notion API key (the primary credential) even though the instructions explicitly require NOTION_API_KEY.
Instruction Scope
note: Runtime instructions are focused on Notion CLI usage and how to call the Notion API. They do not ask the agent to read unrelated system files, but they do recommend adding an API key to agent or shell env files (e.g., ~/.claude/.env or ~/.bashrc), which is expected for functionality but is a scope and secret-handling decision the user should consider carefully.
Install Mechanism
note: There is no automated install spec in the registry; SKILL.md tells the user or agent to git clone a third-party GitHub repository and run npm install, build and link. Cloning and building arbitrary third-party code is risky if done automatically, because npm install can run lifecycle scripts before anyone has read them. GitHub is a common host, but the skill does not declare whether it will perform this action itself.
Credentials
concern: The instructions require NOTION_API_KEY (and optionally NOTION_DEBUG), but the skill metadata lists no required environment variables or primary credential. This mismatch is an incoherence: the skill needs a secret to function but does not declare it in its requirements, so a user or agent may not be aware of the credential scope ahead of time.
Persistence & Privilege
ok: The skill is not marked always:true, declares no config paths to modify, and has no code in the package. It does not request elevated persistence or platform-wide privileges in the registry metadata.
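The two checks the Install Mechanism and Credentials notes above describe can be scripted before anything is cloned or installed. The following is an added example, not ClawHub's scanner nor the Notion CLI project's code. It assumes the registry metadata is a JSON object with an optional "env" list of declared variable names (an assumption, not the ClawHub format), and the SKILL.md text, metadata and package.json it runs on are constructed stand-ins for the ones this page describes.

```python
"""Pre-install checks for an agent skill that wraps a third-party CLI.

Check 1: does SKILL.md reference environment variables (especially secrets)
that the registry metadata never declares?
Check 2: would `npm install` on the cloned repository execute lifecycle
scripts before anyone has read them?
All inputs below are constructed for this example; the metadata shape
({"env": [...]}) is an assumption, not the ClawHub registry format.
"""
import json
import re

# npm runs these automatically during `npm install` / `npm ci` unless
# --ignore-scripts is given; `prepare` also runs when installing from git.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# SCREAMING_SNAKE identifiers with at least one underscore, e.g. NOTION_API_KEY.
ENV_REF_RE = re.compile(r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+)\b")
SECRET_SUFFIXES = ("_API_KEY", "_TOKEN", "_SECRET", "_PASSWORD")

# Constructed stand-in for the SKILL.md described on this page.
SKILL_MD = """\
# Notion CLI
Build from source: git clone <repo>, then npm install && npm run build && npm link.
Set NOTION_API_KEY to your integration key, e.g. in ~/.claude/.env or ~/.bashrc.
Optional: NOTION_DEBUG=1 prints request and response details.
Every command also accepts --api-key for one-off use.
"""

# Constructed registry metadata: no description, no declared env vars.
METADATA = {"name": "notion-cli", "version": "1.0.0", "env": []}

# Constructed package.json with a hook that would run at install time.
PACKAGE_JSON = json.dumps({
    "name": "notion-cli",
    "scripts": {"build": "tsc", "postinstall": "node scripts/setup.js"},
})


def referenced_env_vars(skill_md: str) -> set[str]:
    """Every environment-variable-looking identifier the instructions mention."""
    return set(ENV_REF_RE.findall(skill_md))


def is_secret(name: str) -> bool:
    """Heuristic: names ending in a credential-style suffix hold secrets."""
    return name.endswith(SECRET_SUFFIXES)


def undeclared_env_vars(skill_md: str, metadata: dict) -> set[str]:
    """Variables the instructions need that the metadata does not declare."""
    return referenced_env_vars(skill_md) - set(metadata.get("env", []))


def lifecycle_scripts(package_json: str) -> dict[str, str]:
    """Scripts npm would execute during install, keyed by hook name."""
    scripts = json.loads(package_json).get("scripts", {})
    return {hook: cmd for hook, cmd in scripts.items() if hook in LIFECYCLE_HOOKS}


def review(skill_md: str, metadata: dict, package_json: str) -> list[str]:
    """Findings in the scan's own note/concern vocabulary, deterministic order."""
    findings = []
    for name in sorted(undeclared_env_vars(skill_md, metadata)):
        level = "concern" if is_secret(name) else "note"
        findings.append(f"{level}: SKILL.md references {name} but metadata does not declare it")
    for hook, cmd in sorted(lifecycle_scripts(package_json).items()):
        findings.append(f"concern: npm install would run {hook} script: {cmd}")
    return findings


if __name__ == "__main__":
    for finding in review(SKILL_MD, METADATA, PACKAGE_JSON):
        print(finding)
```

Once the flagged scripts have been read, install with `npm ci --ignore-scripts` (or `npm install --ignore-scripts`) so that nothing runs before the build step you have reviewed, and supply the key per invocation via the CLI's --api-key option or a single-command environment assignment rather than writing it into ~/.bashrc.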