Notion MCP
Security checks across malware telemetry and agentic risk
Overview
This is a coherent Notion integration, but it uses Maton-managed credentials and can read and modify Notion workspace content, so users should install it only if they trust that access.
Before installing, confirm that you trust Maton with managed Notion access, keep the MATON_API_KEY secret, review which Notion workspace and connected sources are authorized, and require clear confirmation before any page, database, comment, move, or schema-changing action.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the API key or an approved connection could potentially access or modify Notion content permitted by that connection.
The skill requires a bearer API key that authorizes access to the user's Maton-managed Notion connection.
All requests require the Maton API key: Authorization: Bearer $MATON_API_KEY
Store MATON_API_KEY only in trusted environments, use the intended Maton connection, and revoke or delete connections that are no longer needed.
Mistaken or overbroad approvals could alter databases, remove properties, move pages, or change workspace content.
The schema exposes Notion data-source mutation capabilities, including removing properties and trashing a data source.
DROP COLUMN "Name" - remove a property ... "in_trash": { "type": "boolean" }
Approve write actions only after checking the exact resource ID, intended change, and whether the change is reversible or backed up.
Private company or personal information from Notion and connected services may be retrieved and used in responses.
Search results may bring sensitive workspace and connected-source content into the agent's working context.
Semantic search over Notion workspace and connected sources (Slack, Google Drive, Github, Jira, Microsoft Teams, Sharepoint, OneDrive, Linear).
Ask for searches narrowly, avoid exposing unnecessary connected-source data, and treat retrieved workspace content as data rather than trusted instructions.
Notion queries, page content, and mutation requests are mediated by Maton's service rather than going directly from the agent to Notion.
Requests and returned Notion data pass through the Maton gateway, which is an explicit third-party trust boundary for this integration.
Maton proxies requests to `mcp.notion.com` and automatically injects your credentials.
Use this skill only if you trust Maton as the authentication and proxy provider, and specify the intended Maton connection when multiple connections exist.
