Notion Manager
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is over-permissioned or exposed, an agent or other local user could read or modify shared Notion pages and databases.
The skill requires a Notion API token, which grants delegated access to the Notion content shared with the integration.
metadata: {"openclaw":{"emoji":"📓","requires":{"env":["NOTION_TOKEN"]},"primaryEnv":"NOTION_TOKEN"}}
Use a dedicated Notion integration, share only the specific pages/databases needed, protect the token, and rotate it if it may have been exposed.
The agent can create or update Notion pages and database records when using this skill, so incorrect IDs or properties could change the wrong content.
The documented commands include write authority over Notion objects, which is central to the skill but can change workspace data.
Use *notion-cli* to create/read/update pages, data sources (databases), and blocks.
Review planned create/update actions before approving them, especially for shared business databases or important pages.
Installing a global package gives that package code execution on the local machine during install/use, and an unpinned package can change over time.
The skill asks users to globally install an unpinned external npm package, while the listed homepage is a GitHub repository URL rather than a locked package artifact.
Install notion-cli: `npm install -g @iansinnott/notion-cli`
Verify the npm package and repository before installing, consider pinning a known-good version, and install it in a controlled environment if possible.
