← 返回 Skills 市场
307
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install notion-2025-api
功能描述
Query, create, and manage Notion databases and pages using the 2025-09-03 API format. Use when: (1) querying or filtering database entries via data_source_id...
使用说明 (SKILL.md)
Notion 2025 API Skill
This skill provides utilities for working with Notion databases and pages using the 2025-09-03 API format, which separates database_id (for creating pages) from data_source_id (for querying entries).
Quick Reference
Key Difference (2025-09-03):
database_id→ Use when creating NEW pages in a databasedata_source_id→ Use when QUERYING existing entries in a database
Common Operations
1. Query a Database
NOTION_KEY=$(cat ~/.openclaw/workspace/secrets/notion_api_key.txt)
DATA_SOURCE_ID="YOUR_DATA_SOURCE_ID"
curl -s -X POST "https://api.notion.com/v1/data_sources/$DATA_SOURCE_ID/query" \
-H "Authorization: Bearer $NOTION_KEY" \
-H "Notion-Version: 2025-09-03" \
-H "Content-Type: application/json" \
-d '{
"filter": {"property": "Status", "select": {"equals": "Active"}},
"sorts": [{"property": "Last Updated", "direction": "descending"}]
}' | jq '.results[]'
2. Create a Database Entry
curl -s -X POST "https://api.notion.com/v1/pages" \
-H "Authorization: Bearer $NOTION_KEY" \
-H "Notion-Version: 2025-09-03" \
-H "Content-Type: application/json" \
-d '{
"parent": {"database_id": "YOUR_DATABASE_ID"},
"properties": {
"Name": {"title": [{"text": {"content": "Entry Name"}}]},
"Status": {"select": {"name": "Active"}},
"Count": {"number": 42}
}
}' | jq '.id'
3. Update a Page
ENTRY_ID="YOUR_ENTRY_ID"
curl -s -X PATCH "https://api.notion.com/v1/pages/$ENTRY_ID" \
-H "Authorization: Bearer $NOTION_KEY" \
-H "Notion-Version: 2025-09-03" \
-H "Content-Type: application/json" \
-d '{
"properties": {
"Status": {"select": {"name": "Complete"}},
"Description": {"rich_text": [{"text": {"content": "Updated content"}}]}
}
}' | jq '.properties'
4. Add Content Blocks to a Page
PAGE_ID="YOUR_PAGE_ID"
curl -s -X PATCH "https://api.notion.com/v1/blocks/$PAGE_ID/children" \
-H "Authorization: Bearer $NOTION_KEY" \
-H "Notion-Version: 2025-09-03" \
-H "Content-Type: application/json" \
-d '{
"children": [
{
"object": "block",
"type": "heading_2",
"heading_2": {"rich_text": [{"text": {"content": "Section Title"}}]}
},
{
"object": "block",
"type": "paragraph",
"paragraph": {"rich_text": [{"text": {"content": "Paragraph content"}}]}
}
]
}' | jq '.object'
Property Types (2025-09-03)
When updating or creating entries, use these property formats:
| Type | Format | Example |
|---|---|---|
| Title | {"title": [{"text": {"content": "..."}}]} |
{"title": [{"text": {"content": "My Title"}}]} |
| Rich Text | {"rich_text": [{"text": {"content": "..."}}]} |
{"rich_text": [{"text": {"content": "Body text"}}]} |
| Select | {"select": {"name": "Option"}} |
{"select": {"name": "Active"}} |
| Number | {"number": VALUE} |
{"number": 42} |
| Date | {"date": {"start": "YYYY-MM-DD"}} |
{"date": {"start": "2026-03-03"}} |
| Checkbox | {"checkbox": true/false} |
{"checkbox": true} |
| URL | {"url": "https://..."} |
{"url": "https://example.com"} |
| Status | {"status": {"name": "..."}} |
{"status": {"name": "Active"}} |
Filter Syntax (for queries)
{
"filter": {
"and": [
{"property": "Status", "select": {"equals": "Active"}},
{"property": "Count", "number": {"greater_than": 5}}
]
}
}
Common filters:
{"select": {"equals": "Value"}}{"number": {"greater_than": N}}{"date": {"on_or_after": "2026-01-01"}}{"rich_text": {"contains": "keyword"}}
Bundled References
- API_REFERENCE.md — Complete endpoint documentation and property types
- EXAMPLES.md — Real-world examples and use cases
Setup
- Create integration at https://notion.so/my-integrations
- Copy API key
- Store in
~/.openclaw/workspace/secrets/notion_api_key.txt - Share target Notion pages/databases with your integration (Invite → select integration)
Security & Safety
Credentials
- API Key Storage: Stored in
~/.openclaw/workspace/secrets/notion_api_key.txt - Scope: Notion API access only (limited to Notion endpoints)
- No Elevation: This skill does not request elevated permissions
- Key Rotation: If key is compromised, revoke at https://notion.so/my-integrations
Input Validation ⚠️
IMPORTANT: The helper script uses JSON string concatenation. Only use with:
- Trusted input (your own data)
- IDs from Notion (database_id, page_id, data_source_id)
- Known property names from your Notion schema
❌ DO NOT pass untrusted user input directly to the script:
# UNSAFE - if user_input contains special chars/quotes
./notion_helper.sh create "$db_id" "$user_input"
✅ SAFE - Use proper escaping or JSON libraries:
# SAFE - properly escaped
title=$(echo "$user_input" | jq -Rs '.')
./notion_helper.sh create "$db_id" "$title"
External Dependencies
- curl — HTTP requests to Notion API
- jq — JSON parsing and formatting
- date — Date calculations (macOS/Linux)
All are standard utilities; verify they're available before use.
Important Notes
- API Version: Always use
Notion-Version: 2025-09-03 - IDs: database_id and data_source_id are different—use the correct one for your operation
- Permissions: Integration must be invited to pages/databases via Notion UI
- Rate limit: ~3 requests/second average
- Untrusted Input: Never pass unsanitized user input to JSON construction
安全使用建议
This skill looks coherent for Notion API use — it needs curl, jq, and a Notion API key stored at ~/.openclaw/workspace/secrets/notion_api_key.txt. Before installing: (1) ensure the secret file is created with restrictive permissions (chmod 600) and contains only the Notion key; (2) avoid passing untrusted user input directly to the helper script — escape inputs with jq as shown in the docs; (3) be aware the script validates JSON values and IDs but does not validate property names passed to the update command (don’t pass attacker-controlled strings as the property parameter); (4) note the metadata declares an env var NOTION_API_KEY_PATH but the script reads the hardcoded path — if you rely on a different location, verify or adjust the script to read the env var; (5) review the helper script yourself (it's short) and run it in a controlled environment first. These are implementation hygiene items rather than indicators of malicious behavior.
功能分析
Type: OpenClaw Skill
Name: notion-2025-api
Version: 1.0.1
This skill is designed for legitimate interaction with the Notion API. The `scripts/notion_helper.sh` script and the `SECURITY.md` file clearly indicate that a JSON injection vulnerability *existed* but has been *fixed* by implementing robust input validation and proper JSON escaping using `jq -Rs '.'` and `jq empty`. All network calls target the legitimate Notion API endpoint (`https://api.notion.com/v1/`). The documentation (SKILL.md, README.md) is transparent about API key handling and explicitly warns users about safe input practices. There is no evidence of malicious intent, data exfiltration, persistence mechanisms, or prompt injection attempts against the OpenClaw agent.
能力评估
Purpose & Capability
Name/description match the provided files and code: the SKILL.md, README, API reference, examples, and helper script all implement Notion API operations (query, create, update, add blocks). Required binaries (curl, jq) and a Notion API key are appropriate and proportional for this functionality.
Instruction Scope
Runtime instructions and the bundled script operate only on Notion endpoints and the local secret file. The documentation repeatedly warns about untrusted input and the script validates JSON for values and Notion IDs. However, update_property inserts the property name directly into JSON via string concatenation (the script validates the value JSON but not the property identifier), which could lead to malformed payloads or injection if a caller supplies an attacker-controlled property string. The docs warn users, but the code does not fully validate property names.
Install Mechanism
No install spec (instruction-only with a shipped helper script). No downloads or remote code execution during install. This is low risk from an installation perspective.
Credentials
The skill requests a single credential stored at ~/.openclaw/workspace/secrets/notion_api_key.txt (declared in metadata as NOTION_API_KEY_PATH) which is proportionate. Minor inconsistency: the metadata declares NOTION_API_KEY_PATH but the helper script reads a hardcoded path (~/.openclaw/workspace/secrets/notion_api_key.txt) instead of reading the environment variable; in practice the path matches, but this mismatch between metadata and runtime behavior could matter in environments that expect the skill to honor the env var.
Persistence & Privilege
always:false and no actions that modify other skills or global agent configs. The skill runs on demand or autonomously per platform defaults; it does not request elevated privileges or persistent system changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install notion-2025-api - 安装完成后,直接呼叫该 Skill 的名称或使用
/notion-2025-api触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Security patch v1.0.1: Fix registry metadata mismatch, JSON injection vulnerability, credential transparency. All input validated/escaped. See SECURITY.md.
v1.0.0
Full support for Notion 2025-09-03 API with database queries and page management
元数据
常见问题
Notion 2025 API Skill 是什么?
Query, create, and manage Notion databases and pages using the 2025-09-03 API format. Use when: (1) querying or filtering database entries via data_source_id... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 307 次。
如何安装 Notion 2025 API Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install notion-2025-api」即可一键安装,无需额外配置。
Notion 2025 API Skill 是免费的吗?
是的,Notion 2025 API Skill 完全免费(开源免费),可自由下载、安装和使用。
Notion 2025 API Skill 支持哪些平台?
Notion 2025 API Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Notion 2025 API Skill?
由 kai-tw(@kai-tw)开发并维护,当前版本 v1.0.1。
推荐 Skills