Notion 2025 API Skill
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward Notion API helper, but it can edit shared Notion content using your API key.
Install only if you want OpenClaw to read and modify selected Notion pages/databases. Use a dedicated Notion integration with least privilege, protect the key file, review create/update/batch commands before running them, and do not pass untrusted text directly into the helper script.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used with a broadly shared Notion integration, the agent may read or modify any Notion content that integration can access.
The skill relies on a Notion integration token and edit access to shared Notion pages/databases.
echo "ntn_YOUR_KEY_HERE" > ~/.openclaw/workspace/secrets/notion_api_key.txt ... Grant "Can edit" permission
Create a dedicated Notion integration, share only the specific pages/databases needed, keep the key file protected, and rotate the key if exposed.
Malformed or untrusted values could cause failed requests or unintended Notion updates if passed directly into the helper.
The helper script warns that its JSON construction is sensitive to untrusted input, which matters because the same script can update Notion pages.
SECURITY NOTE: This script constructs JSON via string concatenation. ... Do NOT pass unsanitized user input directly to this script.
Use only trusted IDs, property names, and values, or construct request JSON with jq or another proper JSON library before sending updates.
A wrong query, page ID list, or status value could change many Notion entries at once.
The examples include batch mutation of multiple Notion entries, which is purpose-aligned but can propagate a mistaken filter or status change across many records.
Example 6: Batch Update Multiple Entries ... for entry_id in $SERIES; do ... curl -s -X PATCH "https://api.notion.com/v1/pages/$entry_id"
Preview query results before batch updates, limit filters carefully, and consider testing on a small sample first.
Users have less provenance context for who maintains the skill or where to verify the published package.
The registry metadata does not provide a clear upstream source or homepage, though the bundled script and documentation are visible in the supplied artifacts.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the installed files before use and prefer a trusted upstream repository or verified publisher when available.
