Skill v1.0.2

ClawScan security

Notion Workspace API Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 7:40 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions match its Notion API purpose, but it relies on a Notion API key and a local token file fallback while not declaring any required credentials — this mismatch and the omitted declaration warrant caution.
Guidance
This skill appears to do exactly what it says (call the Notion API) and uses only Notion endpoints, but you should verify the runtime will provide a NOTION_KEY before granting access. The SKILL.md also allows reading a fallback token file at ~/.config/notion/api_key — if you use that pattern, understand the skill will read that file to obtain credentials. Because the registry metadata does not declare NOTION_KEY as a required credential, ask the skill author or your operator where the key must come from, and only supply a token you control (prefer a least-privilege integration token). Do not paste your full token into chat; if you install or test this skill and later doubt its behavior, rotate/revoke the Notion key. Finally, confirm the skill's source or owner (source is unknown) before installing so you can trust future automated calls to your workspace.

Review Dimensions

Purpose & Capability
note: The name, description, and runtime instructions all describe legitimate Notion API operations (search, read, create, update, append, trash/restore). Requested actions and referenced endpoints (https://api.notion.com/v1/...) are consistent with the stated purpose.
Instruction Scope
note: The SKILL.md stays within Notion API usage and gives concrete curl templates and safety rules. It does instruct the agent to prefer a runtime-provided NOTION_KEY and, as an optional local fallback, to read ~/.config/notion/api_key, which means the agent is explicitly permitted to read a local file for credentials. No unrelated system paths, other services, or external endpoints are referenced.
Install Mechanism
ok: This is instruction-only with no install spec and no code files, so nothing is written to disk by an installer. That is the lowest-risk install model.
Credentials
concern: The skill expects NOTION_KEY and NOTION_VERSION at runtime and provides a local-file fallback (~/.config/notion/api_key), but the registry metadata lists no required environment variables or primary credential. The omission of a declared primary credential (NOTION_KEY) is a mismatch that could confuse users about what secrets are needed and what the skill will access.
Persistence & Privilege
ok: The skill does not request always: true, does not modify other skills or system-wide settings, and is user-invocable only. Autonomous invocation is allowed (platform default) but is not combined here with privileged persistence or broad cross-skill access.