← 返回 Skills 市场
107
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install notion-openapi-skill
功能描述
Operate Notion Public API through UXC with a curated OpenAPI schema for search, block traversal, page reads, content writes, and data source/database inspect...
安全使用建议
This skill appears to be a legitimate Notion/OpenAPI wrapper, but double-check a few things before installing or providing secrets:
- Declare and use a dedicated Notion integration token (NOTION_API_TOKEN) rather than a shared or high-privilege token. The skill needs this token to work; the registry metadata omits that, so don't assume it won't need one.
- The SKILL.md recommends reusing an OAuth credential (notion-mcp). Reusing credentials can cause headers (Notion-Version, Authorization) to be sent to other endpoints (mcp.notion.com). Only reuse if you understand and accept that cross-host header behavior.
- The repository includes a validation script that expects jq and ripgrep (rg). Those binaries are not declared in the skill metadata — this is a minor transparency gap but not necessarily dangerous.
- Ensure you trust the 'uxc' CLI/tool referenced here; it is central to how this skill issues requests and manages credentials. If you don't control uxc, inspect its configuration and behavior before binding credentials.
If the owner can update the registry metadata to list NOTION_API_TOKEN (or declare the primary credential) and any required helper binaries, and more clearly warn about header leakage when reusing credentials, that would resolve the main concerns.
功能分析
Type: OpenClaw Skill
Name: notion-openapi-skill
Version: 1.0.0
The notion-openapi-skill bundle is a legitimate tool for interacting with the Notion Public API via the uxc utility. It provides a curated OpenAPI schema (notion-public.openapi.json), clear authentication setup instructions, and safety guardrails in SKILL.md that require explicit user confirmation for write operations. The validation script (validate.sh) ensures adherence to security and versioning standards, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
能力评估
Purpose & Capability
The name/description (Notion OpenAPI traversal + writes) align with the included OpenAPI schema and usage examples. However, SKILL.md expects a Notion token (NOTION_API_TOKEN) and the presence of the 'uxc' helper, yet the registry metadata lists no required env vars or required binaries — a mismatch that reduces transparency. The included validate.sh script also requires 'jq' and 'rg' but those binaries are not declared in metadata.
Instruction Scope
Runtime instructions are narrowly scoped to calling api.notion.com via uxc, creating a notion-openapi-cli link, and performing read-first traversal and optional writes. The skill does not instruct reading arbitrary local files or unrelated system state. One concern: the docs recommend reusing a shared OAuth credential (notion-mcp) and explicitly note that adding the Notion-Version header to a shared credential will also send that header to mcp.notion.com — this is documented but can cause unintended header leakage to other endpoints.
Install Mechanism
No install spec is present (instruction-only), which is low-risk. The schema is referenced from raw.githubusercontent.com, a well-known host. The only filesystem/exec artifact is scripts/validate.sh (local validation) — it is not an install payload and appears harmless.
Credentials
The skill requires a Notion integration token or OAuth credentials to function, and SKILL.md shows use of NOTION_API_TOKEN via uxc. Yet registry metadata declares no required env vars and no primary credential — this omission is a transparency issue. Also, the advice to reuse an existing OAuth credential (notion-mcp) can cause the Notion-Version and Authorization headers to be sent to other host paths (mcp.notion.com), which may be undesirable; users should be warned to only reuse credentials when they understand the cross-host header behavior.
Persistence & Privilege
The skill is not always-enabled and does not request unusual persistence or elevated privileges. It provides examples to add auth bindings via uxc, but it does not autonomously modify other skills or system configs in the provided instructions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install notion-openapi-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/notion-openapi-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of notion-openapi-skill, enabling Notion Public API access via UXC and a curated OpenAPI schema.
- Provides commands for search, block traversal, page reads, and structured content writes in Notion.
- Focuses on recursive reads and operations not covered by the Notion MCP.
- Includes support for token validation, database/data source introspection, and standard CRUD for pages and blocks.
- Requires uxc installed, a Notion integration token or OAuth, and uses a fixed Notion-Version header (2026-03-11).
- Operations grouped into session, traversal, write, and data source/database reads.
- Emphasizes explicit credentials setup and careful validation before write operations.
元数据
常见问题
Notion Openapi Skill 是什么?
Operate Notion Public API through UXC with a curated OpenAPI schema for search, block traversal, page reads, content writes, and data source/database inspect... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 107 次。
如何安装 Notion Openapi Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install notion-openapi-skill」即可一键安装,无需额外配置。
Notion Openapi Skill 是免费的吗?
是的,Notion Openapi Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Notion Openapi Skill 支持哪些平台?
Notion Openapi Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Notion Openapi Skill?
由 jolestar(@jolestar)开发并维护,当前版本 v1.0.0。
推荐 Skills