Notion API Tools

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token is shared with sensitive Notion pages or databases, the skill can access and potentially modify that content through the Notion API.

Why it was flagged

The skill intentionally uses a Notion integration token. This is expected for the stated purpose, but it gives the CLI whatever read/write access the integration has to shared Notion pages/databases.

Skill content

Provide a Notion integration token via either:

- `NOTION_KEY` env var, or
- `~/.config/notion/api_key`

Recommendation

Use a least-privilege Notion integration, share only the pages/databases needed, and rotate the token if it may have been exposed.

What this means

An agent using this skill with a valid token could change existing Notion page/block content if given block IDs and write permissions.

Why it was flagged

The executable exposes Notion block append/update operations with caller-supplied JSON bodies. These are purpose-adjacent, but broader than the main SKILL.md command examples.

Skill content

    append-blocks --block-id <BLOCK_ID> --body '{"children": [...]}'
    update-block --block-id <BLOCK_ID> --body '{...}'

Recommendation

Review and confirm write commands before running them, and document all mutation commands clearly in the skill instructions.

What this means

Users have limited provenance information for deciding whether this is the expected Notion CLI code.

Why it was flagged

The provided artifacts show no installer or external dependencies, but they also do not identify an upstream source or homepage for provenance.

Skill content

Source: unknown
Homepage: none
No install spec: this is an instruction-only skill.

Recommendation

Inspect the included script before use and prefer installing skills from a known, version-controlled source when possible.

Findings (1)

Severity: critical

Detector: suspicious.env_credential_access

Location: scripts/notion-api.mjs:18

Finding: Environment variable access combined with network send.