ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

notion-agent-memory

v1.0.1

Structured memory system for AI agents using Notion. Use when setting up agent memory, discussing memory persistence, or helping agents remember context acro...

0· 591·1 current·1 all-time
byVlad Rimsha@vladchatware
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the contents: templates and instructions for maintaining agent memory locally or via Notion. The SKILL.md explains both a files-only workflow and Notion API patterns; there are no unexpected binaries, env vars, or install steps required by the skill itself.
!
Instruction Scope
Runtime instructions are mostly about reading/writing workspace files and using Notion's API (reasonable). However the docs explicitly (a) recommend saving API tokens and other credentials in files and documenting them in MEMORY.md, (b) instruct agents to check email/calendar regularly, send messages, and run cron/background jobs — actions that reach outside the stated memory task and require additional credentials/privileges. Encouraging persistent background checks and external communications is scope creep and increases attack surface.
Install Mechanism
Instruction-only skill with no install spec and no code to execute. Lowest-risk delivery mechanism. Templates are offered via external commercial links (shop.vlad.chat / Gumroad), but the skill itself does not download or execute remote code.
!
Credentials
The skill doesn't declare required env vars, yet its Notion integration examples instruct storing a Notion 'ntn_' token at ~/.config/notion/api_key and even show shell patterns to extract tokens. More concerning: templates/docs encourage keeping 'access credentials and tools' in MEMORY.md. Asking for or instructing storage of unrelated credentials (email/calendar) is disproportionate and invites secret leakage.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not modify other skills. It recommends cron/background tasks and heartbeat checks, but those are suggestions the operator must implement. There's no built-in persistent agent or autonomous install step in the package itself.
What to consider before installing
This skill appears to do what it says (templates + Notion integration) but contains risky recommendations around credential handling and background checks. Before installing or using it: 1) Do NOT store sensitive credentials in workspace docs like MEMORY.md or checked-in files. 2) If you use Notion integration, create a dedicated Notion integration with the minimum required permissions and store its token in a protected config file with restrictive file permissions (chmod 600), or use a secrets manager rather than a plain text file. 3) Review and remove/disable any instructions that would make the agent check email/calendar/send messages or run cron jobs unless you explicitly want that and have secured credentials. 4) Avoid putting tokens into version control or shared folders. 5) If you enable agent autonomy to perform external actions, restrict those capabilities and audit what the agent sends. If you want, I can point out exact lines to change to remove the credential-storage and background-check recommendations.

Like a lobster shell, security has layers — review code before you run it.

latestvk970dgc1zhvzzswqrd78af1vxn8212k0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments