notion-test

Review

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only Notion skill is purpose-aligned, but it uses a local Notion API key and includes commands that can read and change shared Notion pages and databases.

Install only if you intend the agent to use a Notion integration token. Create a dedicated Notion integration, share only the pages or databases needed for the task, protect the local key file, and review any create or update actions before they are applied.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the key is exposed or if too many Notion pages/databases are shared with the integration, the agent or anyone with the key could access or modify that Notion content.

Why it was flagged

The skill requires a Notion integration token stored locally. This is expected for Notion API access, but it grants access to the Notion resources shared with that integration.

Skill content

Copy the API key (starts with `ntn_` or `secret_`) ... echo "ntn_your_key_here" > ~/.config/notion/api_key

Recommendation

Use a dedicated Notion integration, share only the specific pages/databases needed, protect the key file, and revoke or rotate the key when it is no longer needed.

What this means

Using the skill can create or alter Notion pages, databases, and blocks in resources shared with the integration.

Why it was flagged

The documented Notion API operations include write actions such as updating page properties, adding blocks, and creating pages/data sources. These are aligned with the skill purpose but can change workspace content.

Skill content

curl -X PATCH "https://api.notion.com/v1/pages/{page_id}" ... -d '{"properties": {"Status": {"select": {"name": "Done"}}}}'

Recommendation

Review requested write operations before running them, keep the integration scoped to the smallest necessary Notion area, and avoid letting the agent make broad workspace changes without confirmation.