Security Audit
21-DOT-DEV/openclaw-skills:skills/notion-cli
github.com/21-DOT-DEV/openclaw-skills
Trust Assessment
21-DOT-DEV/openclaw-skills:skills/notion-cli received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Third-Party Supply Chain Risk.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 8, 2026 (commit fb9baad0). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Third-Party Supply Chain Risk: The skill instructs the installation of a package named 'notion-cli' from npm without version pinning or author verification. 'notion-cli' is a generic name likely to be targeted for typosquatting or takeover. Additionally, the skill relies on a third-party personal repository (salmonumbrella) for handling sensitive Notion authentication tokens, rather than an official SDK or API integration. Pin the dependency to a specific version and verify the npm package owner matches the intended GitHub repository. Preferably, use the official Notion API directly within the skill code to avoid external binary dependencies. | Unknown | SKILL.md:38 |