Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Notion
v1.0.0
Access and manage Notion workspaces via OAuth to search pages, create and update databases, pages, blocks, and retrieve user info.
by Otman Heddouch (@otman-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to access Notion via OAuth, but all runtime examples and the gateway described use a third‑party service (maton.ai) and an API key (MATON_API_KEY). The registry metadata lists no required env vars or primary credential even though the SKILL.md explicitly tells users to export MATON_API_KEY. Requiring an API key for a proxy service is coherent only if the skill is transparently a Maton proxy; the metadata does not reflect that.
Instruction Scope
SKILL.md instructs the agent (and user) to: set MATON_API_KEY, call gateway.maton.ai and ctrl.maton.ai endpoints, create/manage OAuth connections via ctrl.maton.ai, and open returned OAuth URLs in a browser. These instructions send Notion data and OAuth flows through maton.ai rather than directly to api.notion.com. The instructions do not request unrelated filesystem or system access, but they do direct sensitive credentials and workspace data to a third party.
Install Mechanism
This is an instruction‑only skill with no install spec and no code files, so nothing is written to disk by the skill package itself. That reduces one class of risk.
Credentials
The SKILL.md requires an environment variable named MATON_API_KEY (used as Authorization: Bearer $MATON_API_KEY), but the skill metadata declares no required env vars or primary credential. Asking for an API key that grants proxy access to a user's Notion workspace is a high‑impact secret — its absence from the declared requirements is a notable inconsistency. The MATON key likely grants broad access to workspace contents via maton.ai's OAuth connections.
Persistence & Privilege
The skill does not request always:true or any system config paths; autonomous invocation is allowed (platform default) but the skill does not request elevated persistence or system modifications.
What to consider before installing
This skill routes Notion API calls through a third party (maton.ai). Before installing, verify maton.ai's identity and trustworthiness — read its privacy/security docs and confirm where and how it stores OAuth tokens. The SKILL.md requires you to set MATON_API_KEY, but the registry metadata does not declare this credential; ask the publisher to correct the metadata (declare MATON_API_KEY as primaryEnv) and to provide a homepage and privacy policy. If you must proceed, prefer using a separate Notion account with limited data, or create a Notion integration with narrowly scoped permissions. Consider using an official Notion integration or a skill that talks directly to api.notion.com instead of a proxy service.
Like a lobster shell, security has layers — review code before you run it.
latest: vk977tn7cj9we6w52yewf5nj9gs84cz4s
