Notion
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only Notion API skill, but it uses a persistent Notion API key and can change Notion content you share with the integration.
This skill appears safe for its stated purpose if you are comfortable giving it Notion API access. Create a dedicated Notion integration, share only the pages or databases it needs, review any create/update requests before running them, and keep the local API key file protected.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent process able to read that local file could use the Notion integration's access to shared pages and databases.
The skill instructs users to store and use a Notion API key. This is expected for the Notion API, but the key can access Notion content shared with the integration.
echo "ntn_your_key_here" > ~/.config/notion/api_key ... Authorization: Bearer $NOTION_KEY
Use a dedicated Notion integration, share only the specific pages/databases needed, and protect or remove the local API key when not needed.
If invoked with the wrong IDs or content, the skill could create unwanted pages, update properties incorrectly, or add blocks to the wrong Notion page.
The documented API operations include write actions that can create or modify Notion content. This is purpose-aligned, but it affects user workspace data.
Create page in a data source ... Update page properties ... Add blocks to page
Review page/database IDs and request details before write operations, and restrict the integration to only the Notion areas it should modify.
The mismatch may make it harder to confirm the publisher identity before trusting the skill with a Notion API key.
The internal _meta.json owner/slug differs from the provided registry metadata owner/slug. There is no executable code here, but it is a minor provenance inconsistency.
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "notion"
Verify the skill publisher and source before use, especially because the setup involves a Notion API credential.