Pub Notion
ReviewAudited by ClawScan on May 10, 2026.
Overview
This Notion-branded skill is really a broad SkillBoss API gateway that can use one API key for many providers, including document processing, scraping, and outbound email/SMS, with limited visible guardrails.
Review carefully before installing. Use this only if you want a broad SkillBoss gateway, not just Notion automation. Configure a limited API key if possible, set billing limits, require explicit confirmation before sending email/SMS or changing workspace content, and avoid submitting sensitive files or audio unless the provider data handling is acceptable.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could send emails or SMS messages, including batch messages, causing unwanted contacts, reputational harm, or costs.
The model catalog includes outbound and batch messaging capabilities. Combined with the skill's raw API invocation pattern, this is high-impact authority without visible confirmation or recipient-scope safeguards.
`email/send` | Send single email | `email/batch` | Send batch emails | ... `prelude/notify-send` | Send SMS notification | `prelude/notify-batch` | Batch SMS notifications |
Only use with explicit user confirmation for each outbound message, review recipients and content before sending, and restrict or disable email/SMS models if not needed.
A user expecting only Notion automation may grant access to a much broader API gateway than intended.
The name and leading description emphasize Notion, while the body presents a broad SkillBoss provider gateway. The extra breadth is disclosed, but users could underestimate the non-Notion capabilities.
name: notion ... description: "Notion API for creating and managing pages, databases, and blocks. And also 50+ models ... email, and SMS." ... # SkillBoss
Rename or describe the skill more clearly as a broad SkillBoss gateway, and separate Notion-only functions from unrelated media, scraping, email, and SMS actions.
Anyone or any agent action using this key may be able to call enabled SkillBoss models and incur usage under the user's account.
The skill requires a bearer API key for the remote SkillBoss service. This is disclosed and expected, but the key is the delegated authority for all supported operations.
requires:{"env":["SKILLBOSS_API_KEY"]} ... Auth: `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`Use a dedicated, least-privilege key if available, set spending limits, rotate the key if exposed, and avoid sharing it in prompts or logs.
Prompts, documents, audio, images, or other submitted content may be processed by SkillBoss and downstream providers, which may matter for confidential data.
The skill sends user prompts or inputs to a gateway that may route them to multiple downstream providers. This is disclosed, but provider selection and data boundaries are not fully detailed in the artifacts.
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID, or use smart routing...
Do not submit sensitive or regulated content unless the SkillBoss and downstream provider data terms are acceptable; prefer explicit model selection over smart routing when data residency or provider choice matters.
It may be harder to verify who maintains the skill or confirm the trustworthiness of the remote API service before granting it an API key.
The registry metadata does not provide a source repository or homepage for verifying the publisher or service provenance. No local code is installed, so this is a provenance note rather than evidence of malicious behavior.
Source: unknown; Homepage: none
Verify the publisher and SkillBoss service independently before use, especially before enabling billable or outbound communication features.