      Safety Report

      Notion

      @steipete

      Notion API for creating and managing pages, databases, and blocks.

      44,531 Downloads
      1,104 Installs
      158 Stars
      1 Versions
      API Integration (4,971), Database Management (1,222), Notes & Knowledge (902)

      Security Analysis

      medium confidence
      Suspicious, 0.04 risk

      The skill's instructions match a Notion API helper, but metadata omits the sensitive config path/credential it expects and the skill source is unknown — this mismatch and plaintext key guidance are concerning.

      Feb 11, 2026, 1 file, 2 concerns

      Purpose & Capability: ok

      Name/description match the SKILL.md: it documents how to call the Notion API to create/read/update pages, data sources, and blocks. The curl examples and Notion endpoints are coherent with the stated purpose.

      Instruction Scope: note

      The runtime instructions explicitly tell the user/agent to store and read a Notion API key from ~/.config/notion/api_key and then use it in Authorization headers. That behavior is expected for a Notion integration, but the doc also gives an explicit plaintext storage pattern (echo into a file) which is risky — and the skill gives the agent direct shell-style commands to read that file.

      Install Mechanism: ok

      Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written by an installer.

      Credentials: concern

      Registry metadata lists no required env vars, no primary credential, and no required config paths, yet SKILL.md both instructs creating an API key and reads a specific config file (~/.config/notion/api_key). That mismatch (credential/config use present in instructions but not declared in metadata) and the guidance to store the API key as plaintext are disproportionate and should be clarified.

      Persistence & Privilege: ok

      always:false and default autonomous invocation are normal. The skill does not request persistent system-level privileges. However, because the skill's instructions access a local key file, autonomous invocation combined with the undeclared credential is an additional risk to consider.

      Guidance

      This skill appears to be a straightforward Notion API helper, but the SKILL.md expects a Notion API key stored at ~/.config/notion/api_key while the registry metadata does not declare that config path or any primary credential. Before installing: (1) confirm the skill publisher/source (the skill lists an unknown source), (2) avoid storing keys as plaintext with echo — consider using your platform's secret store or an environment variable, (3) verify whether the agent will be allowed to access ~/.config/notion (and whether autonomous agent invocation is acceptable), and (4) request an updated skill metadata that declares the config path or primary credential so the behavior is explicit. If the publisher cannot justify the missing metadata or you cannot constrain where the key is stored, treat the skill as risky.

      Latest Release

      v1.0.0

      Published by @steipete on ClawHub
