by 安全扫描
OpenClaw
安全
high confidence该技能的代码和指令与其所述目的(Notion API访问)一致,它使用Notion API进行交互,请求适当的配置,不请求无关的凭证或意外端点。
评估建议
此技能似乎确实做到了它声称的:Notion API访问脚本,用于页面和数据库操作。安装或运行之前:1) 确认您的Notion API密钥已妥善配置,并且您对授予Notion访问权限感到满意。2) 仅共享您希望技能访问的页面和数据库。3) 技能不请求凭证,但注意不要向脚本传递敏感的Notion凭证,除非您信任整个工具链。4) 如果您想要更高的保证,请在运行前在本地审查包含的脚本。...详细分析 ▾
✓ 用途与能力
Name and description match the declared requirement (NOTION_API_KEY) and the SKILL.md. The skill is declarative and expects a local 'notion-cli' to perform API calls — this aligns with the stated purpose of working with Notion pages and databases.
ℹ 指令范围
Instructions stay on-topic (reading/creating pages and querying/updating databases via a local CLI). Minor inconsistency: SKILL.md references an additional env var NOTION_PROFILE (for selecting profiles) but NOTION_PROFILE is not listed in the required env metadata. The skill does not instruct the agent to read unrelated system files or send data to unexpected endpoints.
✓ 安装机制
This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by the skill bundle itself. The README/SKILL.md recommends installing an external CLI ('notion-cli' or 'notion-cli-py'); verify the provenance of that third-party tool before installing.
ℹ 凭证需求
Only NOTION_API_KEY is declared as required, which is appropriate and proportionate for Notion API access. The SKILL.md also mentions NOTION_PROFILE (not declared) as a way to switch contexts. The requested token is sensitive — users should provide a token with least privilege and share the integration only with pages/databases the skill should access.
✓ 持久化与权限
always is false and the skill is user-invocable; it requests no persistent presence or system-wide configuration. Model invocation is allowed (normal) but not exceptional for this skill.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/1/27
初始版本,支持Notion API访问
● 无害
安装命令 点击复制
官方npx clawhub@latest install notion-skill
镜像加速npx clawhub@latest install notion-skill --registry https://cn.clawhub-mirror.com
技能文档
This skill lets the agent work with Notion pages and databases using the official Notion API.
The skill is declarative: it documents safe, recommended operations and assumes a local CLI
(notion-cli) that actually performs API calls.
Authentication
- 创建 Notion Integration 在 https://www.notion.所以/my-integrations
- 复制 Internal Integration 令牌.
- 导出 作为:
export NOTION_API_KEY=secret_xxx
Share the integration with the pages or databases you want to access. Unshared content is invisible to the API.
Profiles (personal / work)
You may define multiple profiles (e.g. personal, work) via env or config.
Default profile: personal
Override via:
export NOTION_PROFILE=work
Pages
读取 page:
notion-cli page get
Append blocks:
notion-cli block append --markdown "..."
Prefer appending over rewriting content.
创建 page:
notion-cli page create --parent --title "..."
Databases
Inspect schema:
notion-cli db get
查询 数据库:
notion-cli db query --filter --sort
创建 行:
notion-cli page create --database --props
更新 行:
notion-cli page update --props
Schema changes (advanced)
Always inspect diffs before applying schema changes.
Never modify database schema without explicit confirmation.
Recommended flow:
notion-cli db schema diff --desired
notion-cli db schema apply --desired
Safety notes
- Notion API rate-limited; batch carefully.
- Prefer append 和 updates 在...上 destructive operations.
- IDs opaque; store them explicitly, 做 不 infer 从 URLs.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制