← 返回 Skills 市场
502
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-skill-notion-workspace
功能描述
Manage Notion workspace — search pages, read content, create pages in databases, append blocks, and list databases. Uses Notion REST API directly via urllib/...
安全使用建议
Before installing or using this skill: (1) Confirm the NOTION_TOKEN behavior — the SKILL.md and script expect NOTION_TOKEN but the registry metadata doesn't declare it; require the publisher to update metadata or treat this as manual. (2) Inspect and remove any hardcoded token in scripts/notion.py. If you have already used the embedded token (or suspect it might be valid), rotate/ revoke it from Notion and avoid using the default. (3) Prefer creating your own Notion integration and set a scoped NOTION_TOKEN in your environment rather than relying on defaults. (4) Verify the token's scope (read/write) matches what you intend and test in a safe workspace. (5) If you need assurance, ask the publisher for the token's origin or for a version of the skill with no embedded credentials and with NOTION_TOKEN declared as the primary credential in registry metadata.
功能分析
Type: OpenClaw Skill
Name: openclaw-skill-notion-workspace
Version: 0.1.0
The skill is classified as suspicious primarily due to the hardcoded Notion API token found in `scripts/notion.py` (`ntn_R368210231801s4MMnfbcy6pFjMrW0hk2DhcmK01vmJ9n8`). This exposes a secret that could grant unauthorized access to a Notion workspace if the token is active. Additionally, the script exhibits potential URL path injection vulnerabilities by directly interpolating `page_id` and `block_id` into API paths, and a JSON injection risk via the `--props` argument, both due to a lack of robust input sanitization.
能力评估
Purpose & Capability
The code (scripts/notion.py) and SKILL.md implement the described capabilities (search, read, create, append, list). The functions and endpoints used match the skill description. However, SKILL.md and the script expect a NOTION_TOKEN while the registry metadata lists no required environment variables or primary credential — an inconsistency that reduces transparency.
Instruction Scope
Runtime instructions stay within the Notion API domain (no unrelated system paths or alternate remote endpoints). They do instruct the user to set NOTION_TOKEN, but also note that a default token embedded in the script will be used if NOTION_TOKEN is not set — this grants the skill implicit authorization without an explicit user-provided credential.
Install Mechanism
No install spec is present (instruction-only + included Python script). No downloads or archive extraction occur, so there is no additional install-time risk beyond the provided code file.
Credentials
The script relies on a single NOTION_TOKEN (appropriate for the Notion integration), but the registry metadata fails to declare it as a required env/primary credential. Critically, the script contains a hardcoded default token string. Hardcoded credentials are a security/privacy smell: they may be valid tokens tied to the publisher's workspace and could cause unintended use of that token if users don't explicitly set their own. The presence of a built-in token and the missing registry declaration are disproportionate to the expected transparent handling of credentials.
Persistence & Privilege
The skill does not request always: true, does not persist or alter other skills, and has no install-time hooks. It runs as a normal, user-invokable skill without elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-skill-notion-workspace - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-skill-notion-workspace触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of Notion workspace management skill.
- Search, read, create, and append content to Notion pages and databases from CLI or as a Python module.
- Direct REST API access via urllib/requests (no SDK dependency).
- Supports searching, reading page metadata & blocks, creating pages with properties, appending text, and listing databases.
- Environment variable setup for NOTION_TOKEN; default token fallback included.
- MIT licensed with clear author, tags, and usage documentation.
元数据
常见问题
Notion Workspace 是什么?
Manage Notion workspace — search pages, read content, create pages in databases, append blocks, and list databases. Uses Notion REST API directly via urllib/... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 502 次。
如何安装 Notion Workspace?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-skill-notion-workspace」即可一键安装,无需额外配置。
Notion Workspace 是免费的吗?
是的,Notion Workspace 完全免费(开源免费),可自由下载、安装和使用。
Notion Workspace 支持哪些平台?
Notion Workspace 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Notion Workspace?
由 Marouane(@mrnsmh)开发并维护,当前版本 v0.1.0。
推荐 Skills