Notion Workspace API Tools
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Notion API instruction skill, but it can use a Notion integration key to read and change workspace content, so users should grant only the access they intend.
This skill appears safe for its stated purpose if you intentionally want an agent to use the Notion API. Before installing, create or use a Notion integration with the minimum workspace access needed, share only the target pages or databases with it, avoid storing the token in a local file unless necessary, and review any requested create, update, append, or trash action before it is carried out.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could read or modify any Notion content that the configured integration is allowed to access.
The skill uses a Notion API credential and can fall back to a local token file. This is expected for Notion API work, but it gives the agent the integration's workspace permissions.
Prefer `NOTION_KEY` if the runtime already provides it; If `NOTION_KEY` is unset in a local shell workflow, optionally load it from `~/.config/notion/api_key`
Use a least-privilege Notion integration shared only with the pages or databases needed for the task, prefer runtime-provided secrets, and protect or avoid the local token file.
Mistaken targets or overly broad requests could create, update, append to, trash, or restore the wrong Notion pages.
The documented API operations can mutate Notion workspace content. They are clearly aligned with the skill's stated purpose and include read-before-write guidance, but they are still high-impact actions.
`POST /v1/pages` to create a page; `PATCH /v1/pages/{page_id}` to update page properties; `PATCH /v1/pages/{page_id}` with `in_trash: true|false` to trash or restore a page
Before allowing writes, confirm the target page or database, review the planned change, and use the skill's sample-first guidance for tasks that may affect many pages.
Sensitive Notion content may be exposed in the chat context, and page text should be treated as data rather than as instructions for the agent to obey.
The skill brings Notion page content into the agent's working context. That is expected, but retrieved workspace content may contain sensitive information or misleading instructions.
Reading page properties or page block content; `GET /v1/blocks/{page_id}/children` for page content
Limit the integration to necessary pages, avoid querying unrelated private content, and do not let instructions embedded inside Notion pages override the user's request.
