← 返回 Skills 市场
notion-agent-memory
作者
Vlad Rimsha
· GitHub ↗
· v1.0.1
732
总下载
0
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install notion-agent-memory
功能描述
Structured memory system for AI agents using Notion. Use when setting up agent memory, discussing memory persistence, or helping agents remember context acro...
安全使用建议
This skill appears to do what it says (templates + Notion integration) but contains risky recommendations around credential handling and background checks. Before installing or using it: 1) Do NOT store sensitive credentials in workspace docs like MEMORY.md or checked-in files. 2) If you use Notion integration, create a dedicated Notion integration with the minimum required permissions and store its token in a protected config file with restrictive file permissions (chmod 600), or use a secrets manager rather than a plain text file. 3) Review and remove/disable any instructions that would make the agent check email/calendar/send messages or run cron jobs unless you explicitly want that and have secured credentials. 4) Avoid putting tokens into version control or shared folders. 5) If you enable agent autonomy to perform external actions, restrict those capabilities and audit what the agent sends. If you want, I can point out exact lines to change to remove the credential-storage and background-check recommendations.
功能分析
Type: OpenClaw Skill
Name: notion-agent-memory
Version: 1.0.1
The skill is classified as suspicious due to several high-risk capabilities and potential vulnerabilities. Specifically, the `SKILL.md`, `assets/MEMORY-TEMPLATE.md`, `references/act-framework.md`, and `references/notion-integration.md` files instruct the agent to store a Notion API key in `~/.config/notion/api_key` and then use shell commands like `$(cat ~/.config/notion/api_key)` or `$(grep ... | cut ...)` within `curl` calls. This pattern is vulnerable to shell injection if the content of the API key file can be controlled by an attacker. Additionally, the `assets/HEARTBEAT-TEMPLATE.md` file contains an instruction for the agent to 'Use cron jobs for background tasks', which, if interpreted as a direct command, could lead to unauthorized persistence on the system. While these actions are presented within the context of the skill's stated purpose (Notion integration and agent memory management), they represent significant security risks and vulnerabilities rather than clear malicious intent.
能力评估
Purpose & Capability
Name/description match the contents: templates and instructions for maintaining agent memory locally or via Notion. The SKILL.md explains both a files-only workflow and Notion API patterns; there are no unexpected binaries, env vars, or install steps required by the skill itself.
Instruction Scope
Runtime instructions are mostly about reading/writing workspace files and using Notion's API (reasonable). However the docs explicitly (a) recommend saving API tokens and other credentials in files and documenting them in MEMORY.md, (b) instruct agents to check email/calendar regularly, send messages, and run cron/background jobs — actions that reach outside the stated memory task and require additional credentials/privileges. Encouraging persistent background checks and external communications is scope creep and increases attack surface.
Install Mechanism
Instruction-only skill with no install spec and no code to execute. Lowest-risk delivery mechanism. Templates are offered via external commercial links (shop.vlad.chat / Gumroad), but the skill itself does not download or execute remote code.
Credentials
The skill doesn't declare required env vars, yet its Notion integration examples instruct storing a Notion 'ntn_' token at ~/.config/notion/api_key and even show shell patterns to extract tokens. More concerning: templates/docs encourage keeping 'access credentials and tools' in MEMORY.md. Asking for or instructing storage of unrelated credentials (email/calendar) is disproportionate and invites secret leakage.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not modify other skills. It recommends cron/background tasks and heartbeat checks, but those are suggestions the operator must implement. There's no built-in persistent agent or autonomous install step in the package itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install notion-agent-memory - 安装完成后,直接呼叫该 Skill 的名称或使用
/notion-agent-memory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Use shell-only Notion API examples; read token from JSON file; remove Python example
v1.0.5
- Added a new section explaining how to treat Notion like a knowledge graph/Obsidian, clarifying links, context, and structure.
- Emphasized database views in Notion as queries into a unified memory graph, not separate data silos.
- Provided a new mental model for users: building a second brain rather than filling out spreadsheets.
- No changes to core functionality or methodology—documentation update only.
v1.2.0
Added HEARTBEAT, IDENTITY, SOUL, USER templates + Resume blocks + complete Notion API guide
v1.1.1
Fixed: Notion is delivery platform, not optional. Updated quick start and distribution flow.
v1.1.0
Dual-use templates: works for human OR agent. Notion now optional. Links to ACT Scrolls at shop.vlad.chat.
v1.0.0
Initial release: ACT framework databases, Continuity Cycle pattern, Notion integration, MEMORY.md template
元数据
常见问题
notion-agent-memory 是什么?
Structured memory system for AI agents using Notion. Use when setting up agent memory, discussing memory persistence, or helping agents remember context acro... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 732 次。
如何安装 notion-agent-memory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install notion-agent-memory」即可一键安装,无需额外配置。
notion-agent-memory 是免费的吗?
是的,notion-agent-memory 完全免费(开源免费),可自由下载、安装和使用。
notion-agent-memory 支持哪些平台?
notion-agent-memory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 notion-agent-memory?
由 Vlad Rimsha(@vladchatware)开发并维护,当前版本 v1.0.1。
推荐 Skills