Trusted — Risk Score 5/100
Last scan: 2 days ago
notion-im-helper
Sync IM messages to Notion via Notion API. Supports 7 content types (diary, note, todo, idea, question, quote, link) and 4 formats (heading, quote, divider, list). Append-only to a single authorized Notion page.
A legitimate Notion API integration tool with no malicious behavior. All network requests go exclusively to the official Notion API. Credentials are read from environment variables and used only for API authentication. No shell execution, credential harvesting, data exfiltration, or hidden functionality observed.
Skill Name: notion-im-helper
Duration: 37.4s
Engine: pi
Safe to install
No action needed. The skill is safe to use.

Findings (2 items)

Severity: Low
Finding: Unpinned dependency
config.yaml documents 'pip install notion-client' without a version pin, leaving the install open to supply-chain drift
pip install notion-client
→ Pin to a known version, e.g. 'pip install notion-client==2.2.1', to ensure reproducible and secure installs
Location: config.yaml:35

Severity: Info
Finding: External URL in user-facing guidance
check_config.py contains a hardcoded URL to notion.so/my-integrations presented as part of the first-run setup guide
→ 打开 https://www.notion.so/my-integrations
→ No action needed; this is legitimate documentation and the URL points to Notion's own site
Location: scripts/check_config.py:14
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | sys.path.insert, open calls only — all read-only file operations within the skil…
Network | READ | WRITE | ✓ Aligned | All network requests target https://api.notion.com/v1 exclusively — the official…
Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares subprocess/CLI usage via argparse. record.py calls sys.argv pa…
Environment | NONE | READ | ✓ Aligned | Reads NOTION_API_KEY and NOTION_PARENT_PAGE_ID from os.environ — only for legiti…
Skill Invoke | NONE | WRITE | ✓ Aligned | record.py implements toggle JSON parsing from stdin/args; undo command deletes l…
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser automation found
Database | NONE | WRITE | ✓ Aligned | Appends blocks to a single Notion page via PATCH, reads via GET, deletes last bl…
External URLs (2 findings)

Medium | External URL | https://www.notion.so/my-integrations | scripts/check_config.py:14
Medium | External URL | https://api.notion.com/v1 | scripts/notion_client.py:12

File Tree

9 files · 31.8 KB · 1076 lines
Python: 5 files · 798 lines; Markdown: 2 files · 180 lines; YAML: 1 file · 90 lines; JSON: 1 file · 8 lines
├─ 📁 scripts
│ ├─ 🐍 check_config.py Python 42L · 1.3 KB
│ ├─ 🐍 daily_summary.py Python 143L · 4.3 KB
│ ├─ 🐍 notion_client.py Python 141L · 4.5 KB
│ ├─ 🐍 record.py Python 338L · 9.5 KB
│ └─ 🐍 search_notes.py Python 134L · 3.7 KB
├─ 📋 _meta.json JSON 8L · 306 B
├─ 📝 CLAUDE.md Markdown 99L · 3.7 KB
├─ 📋 config.yaml YAML 90L · 1.9 KB
└─ 📝 SKILL.md Markdown 81L · 2.7 KB

Dependencies (1 item)

Package | Version | Source | Known Vulns | Notes
notion-client | * | pip (unpinned) | No | Dependency declared in config.yaml install step without version constraint

Security Positives

✓ All network traffic is exclusively to api.notion.com — no third-party endpoints or hardcoded IPs
✓ API credentials are read from environment variables and never leave the Notion API boundary
✓ Append-only design: only the configured PAGE_ID is modified, no arbitrary page access
✓ No subprocess, no shell injection, no eval(), no base64 decoding
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No hidden HTML comments, no steganography, no obfuscation
✓ Standard urllib.request with retry logic — no suspicious HTTP client libraries
✓ search_notes.py uses the official Notion Search API (POST /search) — no raw scraping
✓ undo is the only delete operation and it is explicitly documented in SKILL.md