Problem
The Notion API returns a public_url field on every page object (null if not shared to web, or the URL string if it is). The Claude Notion plugin / remote MCP connector does not surface this field in its response metadata when fetching pages.
Use Case
Security audits — programmatically scanning a Notion workspace to detect pages that are accidentally published to the web, especially those containing sensitive data (client lists, credentials, PII).
Without public_url in the response, it's impossible to determine a page's public sharing status through the MCP tools. We initially filed a feature request on the SDK repo (notion-sdk-js#700) before realizing the data already exists in the API — it's just not exposed through the MCP/plugin layer.
Proposed Solution
Include public_url in the metadata returned by the fetch tool and search results:
{
"metadata": {
"type": "page",
"public_url": null
}
}Related
Problem
The Notion API returns a
public_urlfield on every page object (nullif not shared to web, or the URL string if it is). The Claude Notion plugin / remote MCP connector does not surface this field in its response metadata when fetching pages.Use Case
Security audits — programmatically scanning a Notion workspace to detect pages that are accidentally published to the web, especially those containing sensitive data (client lists, credentials, PII).
Without
public_urlin the response, it's impossible to determine a page's public sharing status through the MCP tools. We initially filed a feature request on the SDK repo (notion-sdk-js#700) before realizing the data already exists in the API — it's just not exposed through the MCP/plugin layer.Proposed Solution
Include
public_urlin the metadata returned by the fetch tool and search results:{ "metadata": { "type": "page", "public_url": null } }Related