Skill v0.1.0
ClawScan security
Notion Sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 21, 2026, 5:06 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, docs, and runtime instructions match its stated purpose (sync local directories to Notion); nothing requests unrelated credentials or installs arbitrary remote code — but note it stores your Notion token in a local config and will delete/replace page blocks when updating content.
- Guidance: This skill appears to do what it says: mirror a local directory to Notion. Before using it, (1) create a Notion integration with the minimum scopes needed and use that token; (2) keep the generated .notion-sync.json out of version control (the default ignore list already includes it, but double-check your repo's .gitignore) because it contains the token in plaintext; (3) run sync with --dry-run or --diff first to preview changes; (4) be aware that updates clear and re-append page blocks, which can overwrite existing content in the target Notion pages—test on a dedicated root page or a small sample directory first; and (5) review the token and page sharing settings in Notion so the integration only has access to the intended pages.
Review Dimensions
- Purpose & Capability [ok]: Name/description, CLI flags, SKILL.md, and source files all consistently implement a Notion syncing tool. Dependencies (@notionhq/client, glob, ignore, etc.) are appropriate for this functionality. No unrelated credentials, binaries, or platform access are requested.
- Instruction Scope [note]: Runtime instructions and code operate on the target directory and Notion via the provided token. They do not read unrelated system files or env vars. Important behavioral note: updating a file will cause the tool to clear existing blocks on the corresponding Notion page and re-append content (destructive-within-Notion behavior). SKILL.md documents usage and init flow; nothing unexpected is being transmitted to external endpoints other than Notion's API.
- Install Mechanism [ok]: This is an instruction-only skill with source included; SKILL.md recommends installing from npm (registry). There is no remote arbitrary download URL or archive extraction in the skill metadata. package.json and package-lock.json show normal npm dependencies.
- Credentials [note]: No environment variables are required by the skill metadata. The tool requires a Notion token provided at init and stores it in plaintext inside .notion-sync.json in the project root. The default ignore set includes '.notion-sync.json' (so the config should be ignored by git by default), but if committed the token could be exposed. The tool needs read/write access to the specified directory and write access in Notion — both are expected for the stated purpose.
- Persistence & Privilege [ok]: 'always' is false and the skill does not request persistent presence or modify other skills or global agent settings. It writes its own .notion-sync.json config in the user's project directory (expected behavior).
