Scan Report
5/100
soul-in-sapphire
Long-term memory, state tracking, continuity review, and identity-change support for OpenClaw using Notion as a backend
soul-in-sapphire is a legitimate Notion-backed memory/state/continuity management skill with no malicious indicators — all capabilities are declared, all network calls target the official Notion API, and subprocess usage is scoped exclusively to the notionctl bridge.
Safe to install
No action required. The skill is safe to use as documented.
Findings (1 item)
| Severity | Finding | Location |
|---|---|---|
| Low | No dependency version pinning in package.json | package.json:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✓ Aligned | SKILL.md declares local mirror writes to memory/; scripts write config.json and … |
| Network | READ | READ | ✓ Aligned | All network calls go to Notion API via notionctl bridge (documented dependency) |
| Shell | WRITE | WRITE | ✓ Aligned | execFileSync spawns node notionctl.mjs; scoped and declared in SKILL.md (Require… |
| Environment | READ | READ | ✓ Aligned | NOTION_API_KEY and NOTIONCTL_PATH read; used only for Notion auth and path resol… |
| Skill Invoke | WRITE | WRITE | ✓ Aligned | SKILL.md documents dependency on notion-api-automation; subagent-spawn-plan.js d… |
| Clipboard | NONE | NONE | — | No clipboard access in any script |
| Browser | NONE | NONE | — | No browser automation in any script |
| Database | WRITE | WRITE | ✓ Aligned | Creates and writes to Notion databases (<base>-mem, events, emotions, state, jou… |
1 finding
| Severity | Finding | Location |
|---|---|---|
| Medium | External URL: https://www.notion.so/my-integrations | README.md:159 |
File Tree
23 files · 86.4 KB · 2538 lines (JavaScript: 16 files, 1773 lines; Markdown: 2 files, 706 lines; JSON: 5 files, 59 lines)
├─ scripts/
│  ├─ bootstrap_config.js
│  ├─ conflict_track.js
│  ├─ continuity_check.js
│  ├─ emostate_config.js
│  ├─ emostate_notion.js
│  ├─ emostate_tick.js
│  ├─ identity_diff.js
│  ├─ input.json
│  ├─ journal_patch_schema.js
│  ├─ journal_write.js
│  ├─ ltm_common.js
│  ├─ ltm_search.js
│  ├─ ltm_write.js
│  ├─ notionctl_bridge.js
│  ├─ setup_ltm.js
│  ├─ state_recall.js
│  └─ subagent_spawn_plan.js
├─ state/
│  ├─ subagent-models.json
│  └─ subagent-models.template.json
├─ package-lock.json
├─ package.json
├─ README.md
└─ SKILL.md
Dependencies (2 items)
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| node (runtime binary) | not declared | system | No | Only requires Node.js runtime; no npm packages installed |
| notionctl.mjs | not pinned | sibling skill: notion-api-automation | No | Dependency is declared in SKILL.md metadata; called via execFileSync with fixed arguments |
Security Positives
✓ All file writes (config.json, memory mirrors) are explicitly declared in SKILL.md
✓ All network requests go exclusively to the official Notion API — no direct external IP connections
✓ No credential exfiltration; NOTION_API_KEY is used only for Notion authentication
✓ No sensitive path access (~/.ssh, ~/.aws, .env files are never read)
✓ No base64/eval/atob obfuscation or hidden instructions anywhere in the codebase
✓ No remote script execution (curl|bash, wget|sh) — subprocess is scoped to local notionctl.mjs only
✓ Subprocess usage is fully declared in SKILL.md metadata (requires: bins:[node])
✓ Payload validation in emostate_tick.js rejects empty/meaningless inputs, preventing noisy artifact creation
✓ Local-analysis scripts (continuity_check.js, identity_diff.js, conflict_track.js) are pure JS with no I/O beyond declared paths
✓ The skill correctly uses JSON.parse with error handling throughout