Low
github · 42 files analyzed
makenotion/notion-mcp-server
Minor capabilities, nothing alarming.
Outbound network: 4
Environment variables (config / keys): 5
Runtime code evaluation: 1
AI review
No prompt injection, hidden instructions, or deceptive tool descriptions found. The extension is a legitimate Notion MCP server that auto-generates tools from an OpenAPI spec, with standard environment variable usage for configuration and no exfiltration mechanisms.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
info · package-lock.json:13 · "axios": "^1.8.4",
low · package.json:24 · "axios": "^1.8.4",
info · src/openapi-mcp-server/client/__tests__/http-client.test.ts:15 · vi.mock('openapi-client-axios', () => {
low · src/openapi-mcp-server/client/http-client.ts:2 · import OpenAPIClientAxios from 'openapi-client-axios'
All four hits point at one HTTP client: the axios dependency declared in package.json (and mirrored in the lockfile) and the openapi-client-axios wrapper imported by http-client.ts and mocked in its test. The lockfile and test entries are rated info because they do not execute at runtime.
Environment variables (config / keys) · Reads environment variables (config / API keys)
low · scripts/server-options.ts:28 · let enableTokenPassthrough = process.env.ENABLE_TOKEN_PASSTHROUGH === 'true'
low · scripts/start-server.ts:30 · const baseUrl = process.env.BASE_URL ?? undefined
low · src/openapi-mcp-server/client/http-client.ts:234 · if (process.env.NODE_ENV !== 'test') {
info · src/openapi-mcp-server/mcp/__tests__/proxy.test.ts:193 · const originalEnv = process.env
low · src/openapi-mcp-server/mcp/proxy.ts:210 · const headersJson = process.env.OPENAPI_MCP_HEADERS
Two of the five are not configuration at all: the NODE_ENV check is a test-mode switch and the proxy.test.ts line only saves the environment so the test can restore it. The three worth reviewing in a deployment are BASE_URL, ENABLE_TOKEN_PASSTHROUGH (a boolean flag, enabled only by the exact string 'true') and OPENAPI_MCP_HEADERS (by its name and the variable it is assigned to, a JSON string of request headers). None of them embeds a secret in the source; they are the places where the operator's credentials and upstream target enter the process.
Runtime code evaluation · Evaluates code at runtime
info · src/openapi-mcp-server/openapi/parser.ts:353 · // const zodSchema = eval(zodSchemaStr) as z.ZodType
The only eval in the tree is commented out (note the leading //), which is why the scanner rates it info rather than low; there is no live code evaluation path among the findings.
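To see how a heuristic static scan like the one above arrives at its severities, here is an added example, written for this page and not MCPVet's or notion-mcp-server's own code. It reproduces the three capability checks as regular-expression rules over source lines, and applies the one split the report makes visible: a hit inside a comment, a test file or the lockfile is rated info, anything else low. The rule patterns, helper names and the stand-in files are assumptions; the quoted lines are the ones listed in the findings, placed in small constructed files whose line numbers are the sample's, not the repository's.

```javascript
// Added example: a minimal heuristic capability scanner in the spirit of the
// findings above. Rules, helper names and thresholds are this example's own
// assumptions, not MCPVet's implementation.

const RULES = [
  { capability: 'Outbound network',
    pattern: /\baxios\b|openapi-client-axios|\bfetch\s*\(|\bhttps?\.request\s*\(/ },
  { capability: 'Environment variables (config / keys)',
    pattern: /\bprocess\.env\b/ },
  { capability: 'Runtime code evaluation',
    pattern: /\beval\s*\(|\bnew\s+Function\s*\(/ },
];

// Path-based context: test code and lockfiles never run inside the server.
const isTestFile = (p) => /(^|\/)__tests__\/|\.(test|spec)\.[jt]sx?$/.test(p);
const isLockfile = (p) => /(^|\/)package-lock\.json$/.test(p);
// A match on a commented-out line is dead code, not a live capability.
const isCommentedOut = (line) => /^\s*(\/\/|\/\*|\*)/.test(line);

function severityFor(path, line) {
  if (isCommentedOut(line) || isTestFile(path) || isLockfile(path)) return 'info';
  return 'low';
}

// files: [{ path, text }] -> [{ capability, severity, path, line, source }]
function scanFiles(files) {
  const findings = [];
  for (const { path, text } of files) {
    text.split('\n').forEach((source, idx) => {
      for (const rule of RULES) {
        if (rule.pattern.test(source)) {
          findings.push({
            capability: rule.capability,
            severity: severityFor(path, source),
            path, line: idx + 1, source: source.trim(),
          });
        }
      }
    });
  }
  return findings;
}

// Count findings per capability, which is what the report's summary shows.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.capability] = (counts[f.capability] || 0) + 1;
  return counts;
}

// Constructed sample: the flagged lines quoted in the report, each dropped
// into a tiny stand-in file (line numbers are the sample's, not the repo's).
const SAMPLE_FILES = [
  { path: 'package-lock.json', text: '{\n  "axios": "^1.8.4",\n}' },
  { path: 'package.json', text: '{\n  "axios": "^1.8.4",\n}' },
  { path: 'src/openapi-mcp-server/client/__tests__/http-client.test.ts',
    text: "vi.mock('openapi-client-axios', () => {\n})" },
  { path: 'src/openapi-mcp-server/client/http-client.ts',
    text: "import OpenAPIClientAxios from 'openapi-client-axios'\n\n" +
          "if (process.env.NODE_ENV !== 'test') {\n}" },
  { path: 'scripts/server-options.ts',
    text: "let enableTokenPassthrough = process.env.ENABLE_TOKEN_PASSTHROUGH === 'true'" },
  { path: 'scripts/start-server.ts',
    text: 'const baseUrl = process.env.BASE_URL ?? undefined' },
  { path: 'src/openapi-mcp-server/mcp/__tests__/proxy.test.ts',
    text: 'const originalEnv = process.env' },
  { path: 'src/openapi-mcp-server/mcp/proxy.ts',
    text: 'const headersJson = process.env.OPENAPI_MCP_HEADERS' },
  { path: 'src/openapi-mcp-server/openapi/parser.ts',
    text: '// const zodSchema = eval(zodSchemaStr) as z.ZodType' },
];

const findings = scanFiles(SAMPLE_FILES);
for (const f of findings) console.log(`${f.severity} · ${f.path}:${f.line} · ${f.source}`);
console.log(summarize(findings));
```

Running it on the sample reproduces the report's counts (4 / 5 / 1) and its info-versus-low split. The point of the exercise is the limitation it exposes: the rating comes from where a line sits, not from what it does, so a live eval placed in a file named foo.test.ts would still be rated info, and a credential read through a helper that does not literally spell process.env would be missed entirely. That is exactly why the grade below is a heuristic and not a guarantee.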
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.