Notion Enhanced

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill

Name: openclaw-notion-skill

Version: 0.1.0

The OpenClaw Notion skill is designed to integrate with Notion workspaces, allowing agents to read, write, and manage content. The `SKILL.md` and `README.md` provide clear instructions for users and agents on how to use the skill, emphasizing secure handling of the `NOTION_TOKEN` by storing it in `~/.openclaw/.env` and explicitly stating that Notion integrations only access pages shared by the user. The `install.sh` and `setup-wizard.sh` scripts perform standard dependency installation and interactive setup without any malicious commands or unauthorized system modifications. The core logic in `notion-cli.js` and `src/` files correctly uses the Notion API client, accesses the token from environment variables, and limits file system interaction to a benign temporary mapping file. No evidence of data exfiltration, malicious execution, persistence, or prompt injection with harmful objectives was found. The crypto address in `SUPPORT.md` is for voluntary donations and is not malicious.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent using the token can read or modify Notion content that has been shared with the integration.

Why it was flagged

The skill requires a Notion integration token that grants delegated access to shared Notion pages/databases.

Skill content

Copy the Internal Integration Token ... Save this token securely in OpenClaw config or environment: `NOTION_TOKEN=secret_...`

Recommendation

Create a dedicated Notion integration, share only the specific pages or databases needed, and revoke or rotate the token if it is no longer needed.

What this means

An agent can make lasting changes to shared Notion workspaces, including project trackers, CRMs, or content calendars.

Why it was flagged

The API wrapper can create database entries, update page properties, and append content blocks in Notion.

Skill content

pages.create({ parent: { database_id: cleanId }, properties }); ... pages.update({ page_id: cleanId, properties }); ... blocks.children.append({ block_id: cleanId, children: blocks });

Recommendation

Use the skill for clearly requested Notion changes, and require user review for important updates such as CRM/customer records or published workflow status.

What this means

Private workspace information in shared Notion pages may become part of the agent's working context or responses.

Why it was flagged

The CLI returns Notion page properties and body content to the agent/user output.

Skill content

out({ page: { id: page.id, url: page.url, created: page.created_time, last_edited: page.last_edited_time, properties: page.properties }, body: formattedBlocks, block_count: blocks.results.length });

Recommendation

Avoid sharing sensitive Notion pages unless needed, and treat retrieved Notion content as data rather than trusted instructions.

What this means

Installing the skill may pull updated third-party packages from npm, which is a normal but real supply-chain consideration.

Why it was flagged

The skill relies on npm dependencies with semver ranges, so install-time dependency versions may change.

Skill content

"dependencies": { "@notionhq/client": "^2.2.15", "commander": "^11.1.0", "dotenv": "^16.3.1" }

Recommendation

Install from a trusted source, review package-lock/provenance when available, and keep dependencies updated intentionally.