Skill flagged: suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notion Manager

v1.0.0

Production-ready Notion API client for SaaS workflows. Create/read/update pages, query data sources, append blocks.

by Tomas Mikula (@tomas-mikula)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign

OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code and SKILL.md both implement Notion API operations (search, getPage, queryDataSource, createPage, etc.), which matches the stated purpose. However, there are naming mismatches: SKILL.md mentions a NOTION_API_KEY environment variable and camelCase parameter names such as dataSourceId, while the code expects auth.notionApiKey and snake_case parameters. The package name/slug mismatch is minor but inconsistent.
Instruction Scope
SKILL.md declares NOTION_API_KEY as the environment credential and primary credential, but the runtime code does not read process.env; instead it expects params.auth.notionApiKey. The instructions and code disagree about where the API key must be provided. Parameter names in the examples (dataSourceId, block_id vs blockId) are inconsistent with the code, increasing the chance that the agent will send malformed or unintended requests.
Install Mechanism
This is an instruction-only skill with a small code file and no install spec. Nothing is downloaded from external or untrusted URLs and package.json is minimal. No install mechanism risks detected.
Credentials
The skill only needs a Notion API key in scope, which would be proportionate. However, SKILL.md states an environment variable (NOTION_API_KEY) while the code requires auth.notionApiKey in the input object, and the registry metadata lists no required environment variables. This mismatch could lead users to supply credentials in the wrong place or to accidentally expose secrets when trying to adapt the skill. No unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time persistence. It makes outbound HTTP calls only to api.notion.com. Autonomous invocation is enabled by default (normal), but combined with the other inconsistencies this increases the risk of unintended API calls.
What to consider before installing
Do not install or use this skill in production until the inconsistencies are resolved. Specific issues to address:

1) Credential handling: SKILL.md advertises NOTION_API_KEY (env) but the code expects an auth object (params.auth.notionApiKey). Decide which method to use and document it clearly.
2) Authorization header bug: the code builds Authorization as `Bearer ${{key}}`, which will stringify an object and send an invalid header; it should be `Bearer ${key}`.
3) Parameter naming: normalize parameter names between docs and code (camelCase vs snake_case) so the agent sends the correct fields.
4) Test behavior: verify that fetch is available in the runtime, and confirm that all endpoints and HTTP methods match Notion's current API.
5) Source verification: the skill's source/homepage is inconsistent (SKILL.md lists a web URL but the registry lists none and the owner is unknown); prefer skills from known authors, or inspect and run the skill in an isolated environment.

After these fixes, the skill would be coherent and more trustworthy.

latest: vk974hmx9m2xxg701zv7nf9sc8d82zdcr


Runtime requirements

Environment variables
NOTION_API_KEY (required)