ClawHub

notipo

v1.0.2

Publish blog posts from AI agents to WordPress via Notion. One API call handles page creation, markdown conversion, image uploads, featured image generation,...

0· 130·0 current·0 all-time
by@kfuras
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (publish Notion -> WordPress via Notipo) align with required env vars NOTIPO_URL and NOTIPO_API_KEY and with the documented CLI/API calls in SKILL.md. Nothing requested appears unrelated to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to call the Notipo API and/or use the notipo CLI, fetch categories/tags, create/publish posts, and monitor jobs. It does not instruct reading unrelated files, system credentials, or sending data to external endpoints other than the Notipo service; instructions are appropriately scoped to content publishing.
Install Mechanism
No formal install spec in the bundle (instruction-only), but SKILL.md suggests 'npm install -g notipo' (a public npm package). Installing a global npm package is a reasonable way to get the CLI, but npm packages run arbitrary install-time scripts — recommend verifying the npm package publisher, version, and integrity before installing, and consider non-global or sandboxed installation.
Credentials
Only NOTIPO_URL and NOTIPO_API_KEY are required; both are directly used by the documented curl/CLI commands. The number and naming of env vars are proportionate to the skill's function.
Persistence & Privilege
Skill is instruction-only, does not request persistent 'always' inclusion, and does not modify other skills or system-wide configs. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears to do exactly what it says: call your Notipo instance to publish Notion content to WordPress. Before installing or using it: 1) Verify the NOTIPO_URL is the legitimate notipo.com domain (watch for typosquats) and obtain the API key from your Notipo account dashboard. 2) Treat NOTIPO_API_KEY like any secret: use a dedicated key/account with the least privileges necessary, store it securely, and rotate it if compromised. 3) If you plan to run 'npm install -g notipo', inspect the package on npm (publisher, version, recent downloads, repository link) and prefer a scoped or local install or a containerized environment if you want to reduce system exposure. 4) If possible, test against a staging WordPress/Notion integration rather than production, since the skill will create, publish, and delete posts on your sites. 5) If you need higher assurance, request the skill author or vendor-supplied package/source code or use network monitoring to confirm only the expected Notipo endpoints are contacted.

Like a lobster shell, security has layers — review code before you run it.

aivk97fde6k1yych0kf5d6ybk066s835n1kautomationvk97fde6k1yych0kf5d6ybk066s835n1kblogvk97fde6k1yych0kf5d6ybk066s835n1klatestvk975naz59remrskfaz2hm4yzan83grrfnotionvk97fde6k1yych0kf5d6ybk066s835n1kpublishingvk97fde6k1yych0kf5d6ybk066s835n1kseovk97fde6k1yych0kf5d6ybk066s835n1kwordpressvk97fde6k1yych0kf5d6ybk066s835n1k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
EnvNOTIPO_URL, NOTIPO_API_KEY

Comments