notion-enterprise-rbac

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references standard and official dependencies for interacting with the Notion API.
  • Mentions the installation of @notionhq/client via npm, which is the official Notion JavaScript SDK.
  • Mentions the installation of notion-client via pip, the widely used community Python SDK for the Notion API (notion-sdk-py).
  • [COMMAND_EXECUTION]: The skill provides code examples for standard API interactions.
  • Includes TypeScript and Python examples for performing OAuth 2.0 token exchanges with Notion's official API endpoint (api.notion.com).
  • Communicates with the official endpoint over HTTPS using standard HTTP methods; no custom transport or undocumented hosts are involved.
  • [SAFE]: The skill follows and encourages industry-standard security practices.
  • Implements CSRF (Cross-Site Request Forgery) protection by generating and verifying a state parameter during the OAuth flow.
  • Explicitly advises developers to encrypt access tokens at rest and use environment variables for sensitive credentials like CLIENT_ID and CLIENT_SECRET.
  • Includes robust error handling for common API security scenarios, such as revoked tokens or insufficient permissions.
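The practices listed above (state-parameter CSRF protection, the Notion OAuth token exchange, classification of revoked-token and permission errors, and encryption of the access token at rest) are illustrated by the following TypeScript example. It is added here for reference and is not code from the audited skill or from the Notion SDK. It uses Notion's documented OAuth endpoints and error codes; the environment variable name NOTION_TOKEN_KEY and the helper names are this example's own assumptions.

```typescript
import { randomBytes, timingSafeEqual, createCipheriv, createDecipheriv } from "node:crypto";

// --- CSRF protection: the OAuth "state" parameter -----------------------------
// Generate an unguessable state, keep it in the user's server-side session, and
// send it in the authorization URL. On callback, the returned state must match.
function newState(): string {
  return randomBytes(32).toString("base64url");
}

// Constant-time comparison; a missing or mis-sized state is a failed check, not a crash.
function verifyState(expected: string, received: string | undefined): boolean {
  if (!received || received.length !== expected.length) return false;
  return timingSafeEqual(Buffer.from(expected), Buffer.from(received));
}

function authorizationUrl(clientId: string, redirectUri: string, state: string): string {
  const u = new URL("https://api.notion.com/v1/oauth/authorize");
  u.searchParams.set("client_id", clientId);
  u.searchParams.set("response_type", "code");
  u.searchParams.set("owner", "user");
  u.searchParams.set("redirect_uri", redirectUri);
  u.searchParams.set("state", state);
  return u.toString();
}

// --- Token exchange request (pure: builds the request, does not send it) -------
// Notion authenticates the token endpoint with HTTP Basic: base64(client_id:client_secret).
// CLIENT_ID / CLIENT_SECRET are expected to arrive from environment variables, not source.
interface TokenRequest { url: string; method: "POST"; headers: Record<string, string>; body: string }

function buildTokenRequest(code: string, redirectUri: string, clientId: string, clientSecret: string): TokenRequest {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: "https://api.notion.com/v1/oauth/token",
    method: "POST",
    headers: { Authorization: `Basic ${basic}`, "Content-Type": "application/json" },
    body: JSON.stringify({ grant_type: "authorization_code", code, redirect_uri: redirectUri }),
  };
}

// --- Error classification for the security cases the audit mentions ------------
// Uses Notion's documented error codes; the outcome names are this example's own.
type ApiOutcome = "ok" | "token_revoked" | "insufficient_permissions" | "rate_limited" | "other_error";

function classify(status: number, body: { code?: string }): ApiOutcome {
  if (status >= 200 && status < 300) return "ok";
  if (status === 401 || body.code === "unauthorized") return "token_revoked";          // re-run the OAuth flow
  if (status === 403 || body.code === "restricted_resource") return "insufficient_permissions"; // ask for access, do not retry
  if (status === 429 || body.code === "rate_limited") return "rate_limited";            // back off, then retry
  return "other_error";
}

// --- Encrypt the access token at rest -------------------------------------------
// AES-256-GCM with a random 96-bit nonce; the key is 32 bytes, hex-encoded in an
// environment variable (NOTION_TOKEN_KEY is an assumed name for this example).
function keyFromEnv(env: Record<string, string | undefined> = process.env): Buffer {
  const hex = env.NOTION_TOKEN_KEY;
  if (!hex || !/^[0-9a-f]{64}$/i.test(hex)) throw new Error("NOTION_TOKEN_KEY must be 64 hex chars (32 bytes)");
  return Buffer.from(hex, "hex");
}

function sealToken(token: string, key: Buffer): string {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(token, "utf8"), c.final()]);
  // nonce.tag.ciphertext, all base64url, so the blob can sit in a text column
  return [iv, c.getAuthTag(), ct].map(b => b.toString("base64url")).join(".");
}

function openToken(blob: string, key: Buffer): string {
  const [iv, tag, ct] = blob.split(".").map(s => Buffer.from(s, "base64url"));
  const d = createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag); // GCM rejects any modified nonce, tag or ciphertext in final()
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}
```

The state check deliberately fails closed on a missing or differently sized value, and the stored blob carries its own nonce and tag so that a tampered database row is rejected at decryption rather than silently yielding a wrong token.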
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 04:41 PM