Notion Mcp Skill

v1.0.1

Operate Notion workspace content through Notion MCP using the UXC CLI, including search, fetch, users/teams lookup, page/database creation and updates, and c...

⭐ 0· 355·3 current·3 all-time

by@jolestar

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description describe Notion MCP operations and the skill only requires use of the 'uxc' CLI and network access to mcp.notion.com/mcp; these are expected for the stated functionality and no unrelated credentials or services are requested.

✓

Instruction Scope

SKILL.md limits runtime actions to discovery, OAuth via uxc, reading/fetching/searching, and guarded write flows with explicit user confirmation; it instructs the agent to ask the user to paste the OAuth callback URL (contains auth code/state), which is appropriate for an interactive OAuth flow and is explicitly constrained (do not ask for bearer tokens).

✓

Install Mechanism

This is instruction-only with no install spec. The skill assumes 'uxc' is already installed in PATH; no downloads or archive extraction are performed by the skill itself.

✓

Credentials

No environment variables, credentials, or config paths are required by the skill. OAuth is handled by 'uxc' and the skill does not request unrelated secrets or broad system access.

✓

Persistence & Privilege

Skill does not request always:true, does not modify other skills' configurations, and contains no persistent installation steps. Autonomous invocation remains enabled by platform default but the skill itself is not forcing persistent presence.

Assessment

This skill appears to do what it says: it relies on your locally installed 'uxc' CLI to perform OAuth and Notion MCP calls and asks you to paste the browser callback URL (which will contain an authorization code). Before installing/use: ensure the 'uxc' binary is from a trusted source, verify network calls target mcp.notion.com/mcp, and be prepared to confirm any write operations (the skill requires explicit confirmation). The callback URL you paste contains an auth code — that's expected for the OAuth flow; do not paste raw bearer tokens or secrets into chat. If you want to avoid any automated actions, keep autonomous agent invocation disabled or confirm prompts before allowing writes.

Like a lobster shell, security has layers — review code before you run it.

latestvk977zhdv94x65wzs86ksj1yprd82em2k

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Notion Mcp Skill

License

Comments