Notion Enhanced
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent using the token can read or modify Notion content that has been shared with the integration.
The skill requires a Notion integration token that grants delegated access to shared Notion pages/databases.
Copy the Internal Integration Token ... Save this token securely in OpenClaw config or environment: `NOTION_TOKEN=secret_...`
Create a dedicated Notion integration, share only the specific pages or databases needed, and revoke or rotate the token if it is no longer needed.
An agent can make lasting changes to shared Notion workspaces, including project trackers, CRMs, or content calendars.
The API wrapper can create database entries, update page properties, and append content blocks in Notion.
pages.create({ parent: { database_id: cleanId }, properties }); ... pages.update({ page_id: cleanId, properties }); ... blocks.children.append({ block_id: cleanId, children: blocks });Use the skill for clearly requested Notion changes, and require user review for important updates such as CRM/customer records or published workflow status.
Private workspace information in shared Notion pages may become part of the agent's working context or responses.
The CLI returns Notion page properties and body content to the agent/user output.
out({ page: { id: page.id, url: page.url, created: page.created_time, last_edited: page.last_edited_time, properties: page.properties }, body: formattedBlocks, block_count: blocks.results.length });Avoid sharing sensitive Notion pages unless needed, and treat retrieved Notion content as data rather than trusted instructions.
Installing the skill may pull updated third-party packages from npm, which is a normal but real supply-chain consideration.
The skill relies on npm dependencies with semver ranges, so install-time dependency versions may change.
"dependencies": { "@notionhq/client": "^2.2.15", "commander": "^11.1.0", "dotenv": "^16.3.1" }Install from a trusted source, review package-lock/provenance when available, and keep dependencies updated intentionally.