Notion Content Pipeline
Review
Audited by ClawScan on May 10, 2026.
Overview
This mostly matches a Notion markdown-sync tool, but it deserves review because it can change Notion content and one workflow uses a hard-coded Notion database fallback plus an optional external helper script.
Before installing, treat this as a Notion read/write automation. Set NOTION_PARENT_PAGE_ID, NOTION_SYNC_MAP, and especially NOTION_PIPELINE_DB_ID explicitly; run --dry-run before advance; use --no-overwrite for cautious pushes; and review or skip the external fact-checker helper.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token has access to that database, the skill could update the wrong Notion pipeline entry; otherwise it may fail in a confusing way.
If the user does not set NOTION_PIPELINE_DB_ID, the script falls back to a specific hard-coded database ID and can patch Notion page status using the user's Notion token.
PIPELINE_DB_ID = os.environ.get("NOTION_PIPELINE_DB_ID", "312c9a82-0734-81bd-81a6-e58d0365e404") ... _req("patch", f"/pages/{page_id}", key, json={"properties": {"Status": {"select": {"name": new_status}}}}, timeout=15)
Require an explicit NOTION_PIPELINE_DB_ID or use the database ID created for the user. Run with --dry-run first and verify the target database before allowing status updates.
Running the advance command may execute code from another installed skill with access to the content file and environment credentials.
The advance workflow can execute a sibling skill's fact-checker script that is not included in this artifact set; the subprocess call does not show environment sanitization, so the helper may inherit the required Notion token and other environment values.
FACT_CHECKER_SCRIPT = _WORKSPACE / "skills" / "fact-checker" / "scripts" / "fact_check.py" ... result = subprocess.run([PYTHON, str(FACT_CHECKER_SCRIPT), str(file_path)], capture_output=True, text=True, timeout=120)
Review or pin the fact-checker dependency before use, sanitize the subprocess environment, or use --skip-factcheck unless the helper is trusted.
A mistaken push can replace the tracked Notion page and change the sync map.
The default push behavior intentionally mutates Notion by archiving an existing page and creating a replacement. This is disclosed and purpose-aligned, but it is a high-impact action.
On `push`, if the file is already tracked, the existing Notion page is archived and a fresh page is created. ... Use `--no-overwrite` to skip if already pushed.
Back up important Notion pages, use --no-overwrite when appropriate, and test with a sandbox page before bulk syncing.
The map may reveal local file names and Notion page IDs, and incorrect entries could sync the wrong page.
The skill relies on persistent local state that maps local file paths to Notion page IDs; stale or edited mappings can affect future push/pull targets.
File ↔ Notion page ID mapping stored in JSON. ... Default location: `./notion_sync_map.json`
Keep the sync map private, review it before important syncs, and store it in a project-specific location.
