Notion mcp

Advisory

Audited by Static analysis on May 5, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used incorrectly, the agent could create or change Notion pages, databases, comments, or workspace content.

Why it was flagged

The skill exposes tools that can mutate shared Notion content, but it also discloses the impact and instructs the agent to confirm user intent before writes.

Skill content

Write operations (`notion-create-pages`, `notion-update-page`, `notion-move-pages`, ... `notion-create-comment`, and broad workspace changes) modify Notion content visible to the connected workspace. Confirm clear user intent before invoking write tools

Recommendation

Only approve write actions when the target page/database and intended change are clear; consider asking the agent to show the current record before modifying it.

What this means

Installing and configuring this skill delegates Notion workspace access to the agent through stored OAuth credentials.

Why it was flagged

The script seeds a local mcporter OAuth vault with Notion access and refresh tokens so the skill can act as the authorized integration.

Skill content

mcp_vault="${HOME}/.mcporter/credentials.json" ... tokens:     {access_token: env.mcp_access, refresh_token: env.mcp_refresh, token_type: "Bearer"}

Recommendation

Use the least-privileged Notion OAuth grant available, keep the environment tokens secret, and revoke the integration if you no longer need it.

What this means

A future mcporter release could change behavior or introduce a supply-chain issue that affects this skill.

Why it was flagged

The dependency is central to the skill and disclosed, but installing npm latest means the installed code may change over time.

Skill content

Auto-installed via `npm install -g --ignore-scripts mcporter` if missing on PATH ... The install spec uses unpinned `mcporter` (npm `latest`)

Recommendation

For stricter environments, pin mcporter to a reviewed version and install from a trusted package source.

What this means

Relevant Notion workspace content may be sent through Notion's hosted MCP endpoint and included in the agent's working context.

Why it was flagged

The skill sends Notion-related requests and referenced workspace content to an external hosted MCP service; this is disclosed and purpose-aligned.

Skill content

Tool calls travel to Notion's hosted MCP service at `https://mcp.notion.com/mcp` over HTTPS, authenticated via OAuth. Notion sees the workspace content referenced by each call.

Recommendation

Use the skill only for Notion tasks and avoid passing unrelated sensitive information through Notion MCP calls.