Notion API for creating and managing pages, databases, and blocks. The skill's instructions match a Notion API helper, but metadata omits the sensitive config path/credential it expects and the skill source is unknown —
Security
High Risk
Quality
Watch · 62
Install
manual only
Audit version
audit-standard-v2
Source metrics come from upstream registries/repositories. Platform metrics come from user actions on SkillTrust and are protected by dedupe/rate-limit anti-abuse rules.
Notion API for creating and managing pages, databases, and blocks. The skill's instructions match a Notion API helper, but metadata omits the sensitive config path/credential it expects and the skill source is unknown — this mismatch and plaintext key guidance are concerning. This skill appears to be a straightforward Notion API helper, but the SKILL.md expects a Notion API key stored at ~/.config/notion/api_key while the registry metadata does not declare that config path or any primary credential. Before installing: (1) confirm the skill publisher/source (the skill lists an unknown source), (2) avoid storing keys as plaintext with echo — consider using your platform's secret store or an environment variable, (3) verify whether the agent will be allowed to access ~/.config/notion (and whether autonomous agent invocation is acceptable), and (4) request an updated skill metadata that declares the config path or primary credential so the behavior is explicit. If the publisher cannot justify the missing metadata or you cannot constrain where the key is stored, treat the skill as risky.
• Add explicit When to Use / Guidelines sections.
• Provide at least one concrete input-output example.
• Publish versioned changelog and update cadence.
• Document compatibility and breaking-change policy.
• Expand capability limits and boundary conditions.
Is this a security certification?
No. SkillTrust audit is advisory and should be combined with your own review controls.
Can I install directly from this page?
No one-click install is provided. Use command guidance and run in your controlled environment.
Imported from ClawHub public listing.
Official source did not expose a direct install command.
Open official docsInstall method: instruction-only
Quick install
Quick preflight
Read source docs and verify prerequisites manually.Preflight checks
Post-install signal
Installed successfully? Send an activation signal to improve ranking quality over time.
Audit score 60 / 100. Risk guidance is advisory only; review evidence before install.
• Add troubleshooting and FAQ for common failures.
• Improve discoverability through verified source channels.
• Publish usage examples to increase activation quality.
• Reduce shell/file/network scope and document least privilege.
• Expose explicit provenance, dependency pinning, and security notes.
• Provide structured install + rollback steps for each supported agent.
• Mark official/verified status and keep metadata timestamps fresh.
Moderately fresh; review release notes before install.
Audit guidance: 60 / 100 · high
Scores with similar values can still differ in confidence; use evidence and risk lines below for final install judgment.
Risk 60 · Δ +0 · Findings 5
Apr 3, 2026 · auto
Latest high risk result from audit-standard-v2.