Skip to main content

notion

Integrates with Notion API for personal knowledge management, enabling users to create, query, and update tasks, notes, and databases.

Install this skill

or
2/100

Security score

The notion skill was audited on Jun 6, 2026 and we found 30 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 55

Curl to non-GitHub URL

SourceSKILL.md
55curl -s -X POST https://api.notion.com/v1/pages \
medium line 73

Curl to non-GitHub URL

SourceSKILL.md
73curl -s -X POST https://api.notion.com/v1/pages \
medium line 91

Curl to non-GitHub URL

SourceSKILL.md
91curl -s -X POST https://api.notion.com/v1/pages \
medium line 110

Curl to non-GitHub URL

SourceSKILL.md
110curl -s -X POST https://api.notion.com/v1/pages \
medium line 129

Curl to non-GitHub URL

SourceSKILL.md
129curl -s -X POST https://api.notion.com/v1/data_sources/TASKS_DS_ID/query \
medium line 142

Curl to non-GitHub URL

SourceSKILL.md
142curl -s -X POST https://api.notion.com/v1/data_sources/TASKS_DS_ID/query \
medium line 154

Curl to non-GitHub URL

SourceSKILL.md
154curl -s -X POST https://api.notion.com/v1/search \
medium line 164

Curl to non-GitHub URL

SourceSKILL.md
164curl -s -X POST https://api.notion.com/v1/data_sources/PROJECTS_DS_ID/query \
medium line 177

Curl to non-GitHub URL

SourceSKILL.md
177curl -s -X POST https://api.notion.com/v1/pages \
medium line 197

Curl to non-GitHub URL

SourceSKILL.md
197curl -s -X PATCH https://api.notion.com/v1/pages/PAGE_ID \
medium line 211

Curl to non-GitHub URL

SourceSKILL.md
211curl -s -X PATCH https://api.notion.com/v1/blocks/PAGE_ID/children \
medium line 8

Webhook reference - potential data exfiltration

SourceSKILL.md
8notion search 'webhook payload', notion add note --type Decision 'Use Bun over Node',
medium line 42

Access to hidden dotfiles in home directory

SourceSKILL.md
42- `~/.claude/plugins/notion/.env`
medium line 38

Access to .env file

SourceSKILL.md
38Load the token: `NOTION_API_KEY=$(grep NOTION_API_KEY /path/to/plugins/notion/.env | cut -d= -f2-)`
medium line 40

Access to .env file

SourceSKILL.md
40If the .env path is unknown, check common locations:
medium line 41

Access to .env file

SourceSKILL.md
41- `plugins/notion/.env` (relative to project)
medium line 42

Access to .env file

SourceSKILL.md
42- `~/.claude/plugins/notion/.env`
low line 26

External URL reference

SourceSKILL.md
26Base URL: `https://api.notion.com/v1`
low line 55

External URL reference

SourceSKILL.md
55curl -s -X POST https://api.notion.com/v1/pages \
low line 73

External URL reference

SourceSKILL.md
73curl -s -X POST https://api.notion.com/v1/pages \
low line 91

External URL reference

SourceSKILL.md
91curl -s -X POST https://api.notion.com/v1/pages \
low line 99

External URL reference

SourceSKILL.md
99"Source": {"url": "https://example.com"},
low line 110

External URL reference

SourceSKILL.md
110curl -s -X POST https://api.notion.com/v1/pages \
low line 129

External URL reference

SourceSKILL.md
129curl -s -X POST https://api.notion.com/v1/data_sources/TASKS_DS_ID/query \
low line 142

External URL reference

SourceSKILL.md
142curl -s -X POST https://api.notion.com/v1/data_sources/TASKS_DS_ID/query \
low line 154

External URL reference

SourceSKILL.md
154curl -s -X POST https://api.notion.com/v1/search \
low line 164

External URL reference

SourceSKILL.md
164curl -s -X POST https://api.notion.com/v1/data_sources/PROJECTS_DS_ID/query \
low line 177

External URL reference

SourceSKILL.md
177curl -s -X POST https://api.notion.com/v1/pages \
low line 197

External URL reference

SourceSKILL.md
197curl -s -X PATCH https://api.notion.com/v1/pages/PAGE_ID \
low line 211

External URL reference

SourceSKILL.md
211curl -s -X PATCH https://api.notion.com/v1/blocks/PAGE_ID/children \
Scanned on Jun 6, 2026
View Security Dashboard
Installation guide →
GitHub Stars 5
Rate this skill
Categorymarketing
UpdatedJune 15, 2026
openclawapicontent-marketerproject-managergrowth-marketernotionmarketingproject management
bdmorin/the-no-shop