← Back to Skills Marketplace
502
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-skill-notion-workspace
Description
Manage Notion workspace — search pages, read content, create pages in databases, append blocks, and list databases. Uses Notion REST API directly via urllib/...
Usage Guidance
Before installing or using this skill: (1) Confirm the NOTION_TOKEN behavior — the SKILL.md and script expect NOTION_TOKEN but the registry metadata doesn't declare it; require the publisher to update metadata or treat this as manual. (2) Inspect and remove any hardcoded token in scripts/notion.py. If you have already used the embedded token (or suspect it might be valid), rotate/ revoke it from Notion and avoid using the default. (3) Prefer creating your own Notion integration and set a scoped NOTION_TOKEN in your environment rather than relying on defaults. (4) Verify the token's scope (read/write) matches what you intend and test in a safe workspace. (5) If you need assurance, ask the publisher for the token's origin or for a version of the skill with no embedded credentials and with NOTION_TOKEN declared as the primary credential in registry metadata.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-skill-notion-workspace
Version: 0.1.0
The skill is classified as suspicious primarily due to the hardcoded Notion API token found in `scripts/notion.py` (`ntn_R368210231801s4MMnfbcy6pFjMrW0hk2DhcmK01vmJ9n8`). This exposes a secret that could grant unauthorized access to a Notion workspace if the token is active. Additionally, the script exhibits potential URL path injection vulnerabilities by directly interpolating `page_id` and `block_id` into API paths, and a JSON injection risk via the `--props` argument, both due to a lack of robust input sanitization.
Capability Assessment
Purpose & Capability
The code (scripts/notion.py) and SKILL.md implement the described capabilities (search, read, create, append, list). The functions and endpoints used match the skill description. However, SKILL.md and the script expect a NOTION_TOKEN while the registry metadata lists no required environment variables or primary credential — an inconsistency that reduces transparency.
Instruction Scope
Runtime instructions stay within the Notion API domain (no unrelated system paths or alternate remote endpoints). They do instruct the user to set NOTION_TOKEN, but also note that a default token embedded in the script will be used if NOTION_TOKEN is not set — this grants the skill implicit authorization without an explicit user-provided credential.
Install Mechanism
No install spec is present (instruction-only + included Python script). No downloads or archive extraction occur, so there is no additional install-time risk beyond the provided code file.
Credentials
The script relies on a single NOTION_TOKEN (appropriate for the Notion integration), but the registry metadata fails to declare it as a required env/primary credential. Critically, the script contains a hardcoded default token string. Hardcoded credentials are a security/privacy smell: they may be valid tokens tied to the publisher's workspace and could cause unintended use of that token if users don't explicitly set their own. The presence of a built-in token and the missing registry declaration are disproportionate to the expected transparent handling of credentials.
Persistence & Privilege
The skill does not request always: true, does not persist or alter other skills, and has no install-time hooks. It runs as a normal, user-invokable skill without elevated platform privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-skill-notion-workspace - After installation, invoke the skill by name or use
/openclaw-skill-notion-workspace - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of Notion workspace management skill.
- Search, read, create, and append content to Notion pages and databases from CLI or as a Python module.
- Direct REST API access via urllib/requests (no SDK dependency).
- Supports searching, reading page metadata & blocks, creating pages with properties, appending text, and listing databases.
- Environment variable setup for NOTION_TOKEN; default token fallback included.
- MIT licensed with clear author, tags, and usage documentation.
Metadata
Frequently Asked Questions
What is Notion Workspace?
Manage Notion workspace — search pages, read content, create pages in databases, append blocks, and list databases. Uses Notion REST API directly via urllib/... It is an AI Agent Skill for Claude Code / OpenClaw, with 502 downloads so far.
How do I install Notion Workspace?
Run "/install openclaw-skill-notion-workspace" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Notion Workspace free?
Yes, Notion Workspace is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Notion Workspace support?
Notion Workspace is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Notion Workspace?
It is built and maintained by Marouane (@mrnsmh); the current version is v0.1.0.
More Skills