Notion

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill's Notion capabilities are coherent, but the install instructions disagree on which npm package to install, even though that package will receive a Notion API key and can change workspace content.

Before installing, confirm which npm package is the legitimate one for the linked GitHub project and consider pinning the version. Use a dedicated Notion integration with access only to needed databases, and require approval before the agent updates, deletes, moves, uploads, comments on, or changes schemas in Notion.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may install a different npm package than intended before giving it a Notion API key and permission to manage workspace content.

Why it was flagged

The same skill names two different npm package identities for installation. Since the CLI is then initialized with a Notion API key, installing the wrong package could expose the token or workspace authority to an unintended package.

Skill content
install: "npm install -g @jordancoin/notioncli" ... Setup ... npm install -g notioncli

Recommendation

Verify the correct npm package against the GitHub repository before installing, prefer a pinned version, and do not run init with a real token until package provenance is confirmed.

What this means

Anyone or any agent using the configured CLI may be able to read or modify all Notion databases shared with that integration.

Why it was flagged

The skill requires and persists a Notion API key, then discovers every database shared with that integration. This is expected for the purpose, but it is sensitive delegated account/workspace access.

Skill content
notion init --key $NOTION_API_KEY ... The `init` command saves your API key and auto-discovers all databases shared with your integration.

Recommendation

Use a dedicated least-privilege Notion integration token, share only the databases needed for the task, and rotate the key if the local machine or npm package provenance is uncertain.

What this means

An agent could archive pages, delete blocks, change database schemas, or post comments if instructed or if it misinterprets a task.

Why it was flagged

The CLI exposes destructive and mutating Notion operations. These are aligned with the advertised Notion management purpose, but they can permanently affect workspace content or schema if used incorrectly.

Skill content
notion delete <page-id> ... notion block-delete <block-id> ... notion db-update tasks --remove-prop "Old Column"

Recommendation

Require explicit user confirmation before destructive or public-facing actions such as delete/archive, block deletion, schema changes, page moves, comments, or file uploads.