Notion-MCP-Server-SSE
Verified Safeby ContexaAI
Overview
Implements an MCP server for the Notion API, allowing LLMs to interact with Notion pages, databases, and blocks.
Installation
npx -y @notionhq/notion-mcp-serverEnvironment Variables
- OPENAPI_MCP_HEADERS
- BASE_URL
Security Notes
The server parses `OPENAPI_MCP_HEADERS` from environment variables, which includes JSON parsing; this is handled with basic error checking. The `HttpClient` for file uploads uses `fs.createReadStream` with paths provided in tool arguments. While the expectation is for LLMs to provide 'absolute paths to local files' (as per documentation), this pattern could potentially be exploited by a malicious LLM prompt to read or upload arbitrary files accessible to the server process. There's no explicit path sanitization or restriction on `filePath` content before `fs.createReadStream`. The `eval` statement in `OpenAPIToMCPConverter` is commented out, which is good. CORS is enabled for all origins, which is common for API servers but might be a minor concern in certain deployment scenarios.
Similar Servers
typingmind-mcp
A server for managing and integrating Model Context Protocol (MCP) servers with TypingMind, enabling custom AI model connections.
better-notion-mcp
Provides a Markdown-first MCP server for Notion, optimizing Notion API interactions for AI agents by consolidating endpoints into composite actions and reducing LLM token overhead for tool descriptions.
comptext-mcp-server
Provides token-efficient access to Domain-Specific Language (DSL) documentation stored in Notion for LLM interactions.
memory-mcp-server
Provides long-term memory and context storage/retrieval for Large Language Models (LLMs) via an API, adhering to the Model Context Protocol (MCP).