ClawHub

Notion Sync

v2.5.3

Bi-directional sync and management for Notion pages and databases. Use when working with Notion workspaces for collaborative editing, research tracking, proj...

6· 3.6k·23 current·23 all-time
by@robansuini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Notion sync) align with required binary (node) and requested environment variable (NOTION_API_KEY). The scripts implement expected features (search, query, md↔Notion sync, watch) and do not request unrelated cloud credentials or services.
Instruction Scope
SKILL.md and scripts limit operations to the workspace by default (resolveSafePath) and document an explicit override (--allow-unsafe-paths). Scripts read a Notion token via --token-file, --token-stdin, ~/.notion-token, or NOTION_API_KEY — the auto-detection of ~/.notion-token is convenient but means a token in that file will be used without an explicit flag. Scripts read/write local files and a state file under memory/, which is consistent with their stated purpose.
Install Mechanism
No install spec; this is instruction+script-based and relies on Node.js on PATH. No downloads or external installers are included, so nothing is written/installed by the skill itself.
Credentials
Only NOTION_API_KEY (or an equivalent token via file/stdin) is required, which is appropriate for Notion API use. No other secrets or unrelated env vars are requested. Note: the scripts will read ~/.notion-token if present — ensure that file is only used if intended.
Persistence & Privilege
always:false and no special platform privileges. The skill writes state to a workspace-relative file (memory/notion-watch-state.json) and does not alter other skills or global agent config. Autonomous invocation is allowed by default (normal) but not combined with any elevated privileges.
Assessment
This skill appears to do exactly what it claims: local Node.js scripts that call api.notion.com using a Notion integration token. Before installing or running: 1) Provide a dedicated Notion integration token (ntn_/secret_) and share only the pages/databases you want the integration to access. 2) Be aware scripts will auto-read ~/.notion-token if it exists — remove or lock that file (chmod 600) if you don't want it used. 3) The default path-safety prevents reads/writes outside the current workspace; only use --allow-unsafe-paths intentionally. 4) Batch-update operations can modify many pages — use --dry-run first. 5) The code makes only HTTPS requests to api.notion.com and performs local file I/O; if you want extra assurance, review the included scripts locally before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwzd1ave9sjxbmsbbyxtz6h82pp4g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvNOTION_API_KEY

Comments