Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notion记账财务分析 (Notion Accounting Financial Analysis)

v1.0.5

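Notion bookkeeping financial data analysis skill: automatically reads the expense and income ledger tables, pages through all results to fetch the full data set, resolves relation category fields 100%, analyzes across year, month, category and tag dimensions, and generates a Markdown financial report.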


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jimislg/notion-accounting-analysis.

Install the skill "Notion记账财务分析" (jimislg/notion-accounting-analysis) from ClawHub.
Skill page: https://clawhub.ai/jimislg/notion-accounting-analysis
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install notion-accounting-analysis

ClawHub CLI

npx clawhub@latest install notion-accounting-analysis

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill's stated purpose (read Notion accounting tables, resolve relation IDs, generate Markdown reports) matches the code and SKILL.md instructions: analyze.mjs talks only to api.notion.com and the SKILL.md documents the Notion workflow. However the registry metadata claims 'Required env vars: none' and 'Primary credential: none' while the SKILL.md and analyze.mjs clearly require a Notion Integration Token (and a data_source_id). That mismatch is incoherent and should be corrected.
Instruction Scope
The runtime instructions and analyze.mjs keep activity within Notion's API (search, data_sources query, pages retrieval) and output a Markdown report to /workspace/. There are no calls to third-party endpoints or unexpected exfiltration in the code. The instructions do reference an environment variable ($NOTION_API_TOKEN) and CLI token argument — which the metadata doesn't declare — and the skill will enumerate relation IDs and print them to stdout and the report (useful for debugging but may reveal internal IDs).
Install Mechanism
There is no install spec or remote download; this is an instruction-only skill with a bundled Node.js script (analyze.mjs). No external install URLs, package installs, or archived downloads are used.
[!] Credentials
The code requires a Notion Integration Token and data_source_id to function — those are appropriate and proportional for the stated task. The problem is that the skill registry metadata does not declare these required credentials (no required env vars / primary credential listed). That omission is a mismatch that can lead to surprising behavior (agent asking for secrets unexpectedly). No other unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true, is user-invocable by default, and does not attempt to modify other skills or system-wide settings. It runs ad-hoc and writes its report to /workspace/, which is expected for a reporting tool.
What to consider before installing
This skill appears to do what it says (read Notion tables, resolve relation IDs, generate a Markdown report). However:
1) The registry metadata does not list the Notion token it actually needs: the SKILL.md and analyze.mjs expect you to provide a Notion Integration Token and data_source_id. Treat that as a packaging/metadata bug.
2) Before installing or running, create a dedicated Notion integration with the least privileges needed and add it only to the pages/databases you want analyzed. Do not reuse a broad personal token.
3) Review the bundled analyze.mjs (it uses only api.notion.com) and test the tool on non-sensitive data first.
4) If you plan to allow autonomous runs, be aware the agent could use any token you provide to query your Notion workspace; consider keeping this skill user-invocable only or removing long-lived tokens from agent storage.
If you want higher assurance, ask the developer to: (a) update registry metadata to declare required credentials, (b) document what the integration can access and where reports are written, and (c) sign the package or provide a provenance/homepage.

Like a lobster shell, security has layers — review code before you run it.

Tags: accounting, analysis, finance, latest, notion
88 downloads · 0 stars · 6 versions · Updated 3w ago · v1.0.5 · MIT-0

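Notion Accounting Data Analysis Skill

When to use: triggered when the user says "analyze my Notion accounting data", "generate a financial report" or "view income and expense trends".
Prerequisites: the user provides a Notion Integration Token (secret_xxx format) and a data_source_id.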


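Core capabilities

  1. Full data retrieval: pages automatically (handles the Notion API has_more flag), so no record is missed
  2. 100% relation field resolution: first collects all relation IDs, then queries the corresponding names concurrently in a batch, with nothing missed
  3. Multi-dimensional analysis: breaks the data down by year / month / category / tag / top large expenses
  4. Smart report generation: automatically writes a Markdown report to /workspace/, with optimization suggestions
  5. Proactive anomaly notice: if a relation ID cannot be resolved, lists the ID and explains how to fix it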

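Known relation ID → category name (verified)

| relation ID (first 8 characters) | Category |
|---|---|
| 2e1bd123...817c | Rent |
| 2e1bd123...80e8 | Travel and entertainment |
| 2e1bd123...8081 | Mortgage |
| 2e1bd123...815a | Dining |
| 2e1bd123...8004 | General ledger |
| 2e1bd123...806f | Medical |
| 2e1bd123...8059 | Shopping |
| 2e1bd123...80d4 | Income tax |
| 2e1bd123...817f | Transport |
| 2e1bd123...81dd | Gifts and social obligations |
| 2e1bd123...8084 | Special items |
| 2e1bd123...810d | Sports |
| 2e1bd123...8054 | Company extras |
| 2e1bd123...81de | Daily necessities |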

💡 If a new relation ID cannot be resolved to a name: open that record's page in Notion → "..." in the top-right corner → Add connections → add the Integration.


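Field recognition rules (important pitfalls)

The expense ledger table usually has two classification fields, in priority order:

| Field | Type | Handling |
|---|---|---|
| 支出类别 (expense category) | relation | Resolve the name via the API; required |
| 标签 (tag) | select | Stores the name directly; usable |

Wrong: using only select and ignoring relation → most categories are lost.
Right: look up relation by ID and use select directly; combining the two covers 100% of categories.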


Execution flow

Step 1: Confirm the data source

When the user has not provided a data_source_id, find it with the search endpoint:

curl -s -X POST "https://api.notion.com/v1/search" \
  -H "Authorization: Bearer $NOTION_API_TOKEN" \
  -H "Notion-Version: 2025-09-03" \
  -H "Content-Type: application/json" \
  -d '{"query": "支出", "page_size": 20}' \
  | jq '.results[] | {id, title: .properties.Name.title[0].plain_text}'

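Step 2: Fetch all data (pagination is required)

async function queryPage(body) { // dataSourceId comes from step 1
  const res = await fetch(`https://api.notion.com/v1/data_sources/${dataSourceId}/query`, {
    method: 'POST', body: JSON.stringify(body),
    headers: {Authorization: `Bearer ${process.env.NOTION_API_TOKEN}`,
              'Notion-Version': '2025-09-03', 'Content-Type': 'application/json'},
  });
  if (!res.ok) throw new Error(`Notion query failed: HTTP ${res.status}`);
  return res.json();
}

// Wrong: queries only the first page → incomplete data
const firstPage = await queryPage({page_size: 100});

// Correct: loop until has_more = false
const results = [];
let cursor = null;
do {
  const body = cursor ? {page_size: 100, start_cursor: cursor} : {page_size: 100};
  const page = await queryPage(body);
  results.push(...page.results);
  cursor = page.has_more ? page.next_cursor : null;
} while (cursor);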

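Step 3: Resolve relation IDs in a batch (required)

// First: collect all relation IDs (deduplicated)
const allIds = [...new Set(results.flatMap(r =>
  (r.properties['支出类别']?.relation || []).map(rel => rel.id)
))];

// Second: query all IDs concurrently (each ID is looked up only once).
// resolvePageName(id) is a helper not shown on this page; it is expected to
// return the page title for a relation ID.
const relMap = Object.fromEntries(
  await Promise.all(allIds.map(async id => [id, await resolvePageName(id)]))
);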

Step 4: Analyze and output the report

# The bundled analysis script can be used directly
node analyze.mjs <token> <expense_data_source_id> [income_data_source_id] [year]

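Common errors and fixes

| Symptom | Cause | Fix |
|---|---|---|
| Every category is "未分类" (uncategorized) | Only select was used, so all relation values were lost | Look categories up by relation ID instead |
| Total expenses are lower than expected | Only the first page (100 records) was queried and later pages exist | Loop through pages until has_more=false |
| A relation ID cannot be resolved to a name | The record is outside what the integration can see | Notion page → Add connections |
| Amounts do not add up | select and relation counted the same transaction twice | Take only one of the select and relation fields |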
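
The relation-first priority from the field recognition rules and the "take only one field" fix above, as an added example (not code from analyze.mjs): each record is assigned exactly one category, and relation IDs that could not be resolved are collected for follow-up. The `金额` (amount) property name, the `Uncategorized` label, the placeholder IDs and the sample records are assumptions constructed for illustration; `支出类别` and `标签` are the property names used on this page.

```javascript
const UNCATEGORIZED = 'Uncategorized'; // label chosen for this example

// Pick exactly one category per record: relation first, select as fallback.
function categoryOf(record, relMap, unresolved) {
  const rels = record.properties['支出类别']?.relation ?? [];
  for (const { id } of rels) {
    if (relMap[id]) return relMap[id]; // first resolvable relation wins
    unresolved.add(id);                // integration cannot see this page
  }
  return record.properties['标签']?.select?.name ?? UNCATEGORIZED;
}

// Sum amounts per category; every record lands in one bucket only,
// so the per-category totals always add up to the overall total.
function summarize(records, relMap) {
  const unresolved = new Set();
  const totals = Object.create(null);
  for (const r of records) {
    const cat = categoryOf(r, relMap, unresolved);
    const amount = r.properties['金额']?.number ?? 0; // assumed property name
    totals[cat] = (totals[cat] ?? 0) + amount;
  }
  return { totals, unresolved: [...unresolved] };
}

// Constructed sample data (IDs are placeholders, not real Notion IDs).
const row = (amount, relIds, tag) => ({
  properties: {
    '金额': { number: amount },
    '支出类别': { relation: relIds.map(id => ({ id })) },
    '标签': { select: tag ? { name: tag } : null },
  },
});
const sampleRelMap = { 'rel-rent': 'Rent', 'rel-food': 'Dining', 'rel-hidden': null };
const sampleRecords = [
  row(3000, ['rel-rent'], null),
  row(45, ['rel-food'], 'Dining'),      // both fields set: counted once
  row(120, ['rel-hidden'], 'Shopping'), // unresolved relation: falls back to select
  row(60, [], null),                    // neither field set
];

const report = summarize(sampleRecords, sampleRelMap);
console.log(report.totals, 'unresolved relation IDs:', report.unresolved);
```

The `unresolved` list is what to act on with the Add connections fix; when sharing a report outside the workspace, consider leaving those internal IDs out of it.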

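Analysis report template

# {year} Annual Financial Analysis Report

> Data source: Notion expense ledger table & income ledger table
> Scope: {year} ({n} expense records, {n} income records)

## 1. Income and expense overview
## 2. Monthly trends
## 3. Category analysis (relation 100% resolved)
## 4. Tag analysis
## 5. TOP N large expenses
## 6. Optimization suggestions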
