Morning Briefing

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its morning-briefing purpose, but it under-discloses sensitive Notion credential use and possible persistent vault writes.

Review this skill before installing. It appears intended to create a useful daily briefing, but you should confirm which Notion token it will use, what database it can access, and whether it will save your reminders or tasks into a persistent vault.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or using the skill may cause the agent to use a local Notion API credential that the user was not clearly told would be accessed.

Why it was flagged

The script reads a local Notion API key file, but the registry metadata declares no primary credential and no required config paths.

Skill content

NOTION_KEY=\\$(cat ~/.config/notion/api_key)

Recommendation

Declare the Notion credential and config path explicitly, explain the token scope needed, and require the user to opt in before using the credential.

What this means

The skill may fail or behave differently depending on local tools and environment setup, and it sends a Notion database query to Notion’s API.

Why it was flagged

The skill uses local command-line tools and an external API call to assemble the briefing. This is purpose-aligned, but the required binaries and runtime expectations are not declared.

Skill content

remindctl today --plain ... curl -s -X POST "https://api.notion.com/v1/databases/$notion_db/query" ... jq -r

Recommendation

Document required binaries, expected local permissions, and the exact Notion database query behavior.

Concern, Medium Confidence

ASI06: Memory and Context Poisoning

What this means

Private reminders and task information could be saved into persistent agent memory or vault storage without clear boundaries.

Why it was flagged

The README indicates the workflow may write to a vault, but the skill description only says 'vault storage' and does not define what data is stored, how long it is retained, or how users approve or remove it.

Skill content

Triggers remindctl today + Notion query + vault_add_note.

Recommendation

Clarify whether vault_add_note is used, what content is saved, require explicit user approval for each write, and provide deletion or retention guidance.