Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Notion Pipeline
v0.1.0
Use when the night-shift agents need to validate Notion env, query a Notion database, create or update pages, or append blocks in the idea-factory databases.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: scripts call api.notion.com and implement DB/query/create/update/append operations. However the registry lists no required env/credentials while SKILL.md and the scripts require OPENCLAW_NOTION_TOKEN and several OPENCLAW_NOTION_DB_* IDs; that metadata mismatch is incoherent. Also the scripts set a default OPENCLAW_TELEGRAM_TARGET and OPENCLAW_TIMEZONE which are outside the stated Notion-only purpose.
Instruction Scope
SKILL.md instructs the agent to load a local env file at /Users/dellymac/.openclaw/secrets/notion.env. The code (local_env.mjs, bootstrap_factory.mjs, notion_api.mjs, factory_ops.mjs) reads/writes that file and another user-scoped path (/Users/dellymac/.openclaw/cron/jobs.json). Reading/writing user-home files and persisting tokens is beyond simple API glue and is a non-portable, user-specific side-effect that should be called out.
Install Mechanism
No install spec is provided (instruction-only). That is low-risk from an installer perspective — the scripts are present and run with node. There are no downloads or external installers in the bundle.
Credentials
The skill's registry metadata declares no required env vars or primary credential, but SKILL.md and the code clearly require OPENCLAW_NOTION_TOKEN and multiple OPENCLAW_NOTION_DB_* variables. The code also writes OPENCLAW_TELEGRAM_TARGET (default '1565027149') into the local env file — introducing a third-party identifier without explanation. Requiring and persisting a Notion token is proportional to Notion DB ops, but the omission from metadata and the unexpected Telegram default are inconsistent and concerning.
Persistence & Privilege
The scripts persist credentials and DB IDs to a fixed path under /Users/dellymac/.openclaw/secrets/notion.env and write with 0600 permissions. Persisting tokens locally is a normal design choice for CLI helpers, but the hard-coded, user-specific path and creation/modification of files in that location are surprising for a generic skill and could cause accidental credential persistence if the path matches a real user. The code also references a cron jobs file under that same hard-coded user path, indicating broader local state access.
What to consider before installing
This skill appears to implement legitimate Notion workflows, but there are several red flags you should address before installing or running it:
- Metadata mismatch: The registry declares no required environment variables or primary credential, but SKILL.md and the scripts require OPENCLAW_NOTION_TOKEN and several OPENCLAW_NOTION_DB_* variables. Do not provide your Notion token until this is fixed/clarified.
- Hard-coded user paths: The code reads/writes /Users/dellymac/.openclaw/secrets/notion.env and /Users/dellymac/.openclaw/cron/jobs.json. If that path exists on your machine it will be used; if not the code may fail. Ask the author to make these paths configurable (or confirm they match your environment) before running.
- Secret persistence: bootstrap_factory.mjs will write your token and DB IDs to the local env file. If you proceed, review local_env.mjs to confirm file permissions and consider running in an isolated account or container.
- Unexpected TELEGRAM default: The code writes OPENCLAW_TELEGRAM_TARGET with a default numeric value. Confirm why a Telegram target is set and whether the skill will contact Telegram or other services (search the rest of factory_ops.mjs for network/spawn usage).
- Execution capabilities: factory_ops.mjs imports child_process.spawn (indicates potential to run other programs). Search the full file for spawn usage and any external integrations before giving the token to this skill.
Recommended actions:
- Ask the skill author to update registry metadata to list required env vars and primary credential.
- Request that paths be configurable (not hard-coded to another user's home).
- Review the remainder of factory_ops.mjs for any spawn/exec calls or external endpoints beyond Notion.
- If you must test, run in an isolated environment (throwaway user account or container) and use a Notion token with minimal scope. Keep a copy of the code and verify behavior before trusting it with production credentials.
scripts/factory_ops.mjs:496
Shell command execution detected (child_process).
scripts/bootstrap_factory.mjs:6
Environment variable access combined with network send.
scripts/factory_ops.mjs:10
Environment variable access combined with network send.
scripts/notion_api.mjs:6
Environment variable access combined with network send.
scripts/factory_ops.mjs:55
File read combined with network send (possible exfiltration).
scripts/notion_api.mjs:47
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
factory vk977mff0z8f7as8k7apdggxgf183tegv
latest vk977mff0z8f7as8k7apdggxgf183tegv
Runtime requirements
🗂️ Clawdis
Bins: node
