ClawHub

Notion

v1.0.6

Notion API integration with managed OAuth. Query databases, create and update pages, manage blocks. Use this skill when users want to interact with Notion wo...

8· 8.4k·16 current·17 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description state a Notion API integration; the SKILL.md exclusively documents calling Maton endpoints (gateway.maton.ai and ctrl.maton.ai) to manage OAuth, query databases, and manipulate pages/blocks. The single required environment variable (MATON_API_KEY) is directly tied to the Maton gateway and is appropriate for this purpose.
Instruction Scope
The runtime instructions are limited to making HTTP requests to Maton-managed endpoints and guiding the user through OAuth via the returned URL. The SKILL.md does not instruct the agent to read arbitrary local files, shell history, other environment variables, or to send data to unexpected third-party endpoints beyond Maton and the official Notion API (proxied).
Install Mechanism
There is no install spec and no code files to write to disk (instruction-only). This is the lowest-risk install model and matches the skill's scope.
Credentials
The skill requests a single environment variable, MATON_API_KEY, which is consistent with a managed OAuth gateway. This is proportionate, but that single secret is powerful: Maton will be able to use it to access your Notion connections and OAuth tokens. No unrelated credentials or config paths are requested.
Persistence & Privilege
always:false and no install actions mean the skill does not request permanent system presence. The default allow-autonomous-invocation setting is unchanged; this is normal but means an agent could call the Maton gateway autonomously if granted permission.
Assessment
This skill appears internally consistent, but it routes all Notion operations through Maton (gateway.maton.ai / ctrl.maton.ai). Before installing, verify you trust maton.ai: review their privacy/security documentation and confirm how they store/use OAuth tokens. Treat MATON_API_KEY as a sensitive secret — use least-privilege or a dedicated account if possible, and be prepared to rotate the key if you stop using the skill. If you require direct control (no third-party proxy), consider using a skill that calls Notion's API directly or a gateway you control. Also note the registry metadata shows no top-level homepage/source; if provenance is important, ask the publisher for more information.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dhwejwrsd8aqmn4k5bpth758272e0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments