ClawHub

Openclaw Notion Api

v0.1.0

Notion API 用于创建和管理页面、数据库和块。包含正确的图片、文件上传功能

0· 345·0 current·0 all-time
by@ionepub
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the curl-based examples align with a Notion API integration (creating/reading/updating pages, databases/data_sources, and file uploads). The endpoints referenced (api.notion.com) and described features are consistent with the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to create and read a local file at ~/.config/notion/api_key and to set NOTION_KEY by cat-ing that file before calling Notion APIs. Otherwise the instructions stay focused on Notion endpoints and do not reference unrelated system files or external endpoints. The file-read/write behavior is expected for an API helper but should be explicitly declared.
Install Mechanism
This is instruction-only (no install spec, no code files). That minimizes on-disk execution risk — nothing is downloaded or installed by the skill.
!
Credentials
The skill requires an API credential (Notion integration key) in practice, but the registry metadata lists no required env vars or primary credential. The SKILL.md asks the user/agent to create and read a plaintext file containing the secret; this mismatch between declared requirements and runtime behavior is an inconsistency and a potential security/privacy concern.
Persistence & Privilege
always is false, no install steps, and the skill does not request persistent platform-level privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.
What to consider before installing
This skill appears to be a straightforward Notion API helper, but note two things before installing: (1) although the registry metadata lists no required credentials, the SKILL.md instructs you to create and read a local Notion API key (~/.config/notion/api_key). Treat that key as sensitive — prefer storing it in the platform's secret manager rather than a plaintext file, and set file permissions (chmod 600). (2) Confirm you are comfortable letting the agent read that local file (it will be used to set NOTION_KEY) and that you only share a minimal-scope Notion integration key. If you need higher assurance, ask the skill author to declare the primary credential in metadata or update the instructions to use the platform's secret store instead of encouraging plaintext files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b0ck12q5zh9apvgz137sz1181tz6q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis

Comments