Notion CLI + MCP

v1.1.0

Notion via notion-cli — a Rust CLI + MCP server for Notion API 2025-09-03+. Safety-first agent integration with rate limiting, response-size cap, untrusted-s...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, required binary (notion-cli), and required env var (NOTION_TOKEN) all align with a Notion CLI + MCP integration. The features described (MCP stdio, rate limiting, response cap, dry-run) are plausible and relevant to the stated purpose.
Instruction Scope
SKILL.md sticks to Notion operations, install guidance, and run-time flags. It instructs creating a Notion integration and exporting NOTION_TOKEN, documents read-only default behavior and an explicit --allow-write gate for writes, and provides a --check-request dry-run. It does not instruct reading unrelated files, other env vars, or exfiltrating data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). The README recommends installing the binary via cargo (crates.io) or using prebuilt releases/Homebrew with published checksums on GitHub. That is reasonable, but installing from crates.io / downloading binaries still requires the user to verify authenticity (checksums, repo trust).
Credentials
Only NOTION_TOKEN is required, which is appropriate for the Notion API. The instructions explicitly advise least-privilege scopes. No unrelated credentials or config paths are requested.
Persistence & Privilege
always:false and default autonomous invocation are appropriate. The skill does not request permanent platform-wide privileges. The SKILL.md does mention an append-only JSONL audit log for writes (expected for auditing) but does not request system-level configuration changes.
Assessment
This skill appears coherent, but take these practical precautions before installing:
1) Verify the project source (GitHub repo) and release checksums before installing prebuilt binaries; if using cargo, review the crate and its recent changes.
2) Use a least-privilege Notion token (only grant scopes the workflow needs) and avoid exporting long-lived tokens in shared shells; consider ephemeral or scoped tokens and rotate/revoke if needed.
3) Don’t enable MCP write mode or pass --allow-write unless you trust the agent and environment; by default the tool is read-only.
4) Ask where the append-only JSONL audit file is stored and ensure its file permissions are appropriate (it may contain metadata about writes).
5) Run the binary in a confined environment (container or limited user account) if you want extra isolation.
If you need higher assurance, request the binary source and audit its code or build from a pinned commit and verified release artifacts.

Like a lobster shell, security has layers — review code before you run it.

Tags: agent-safety, cli, data-source, database, latest, mcp, notion, productivity, rust, wiki

Runtime requirements

📝 Clawdis
Bins: notion-cli
Env: NOTION_TOKEN
