Advanced escape hatch: paginate any Notion API list/query endpoint that returns results/has_more/next_cursor.
AI agents invoke notion_api_paginate to trigger actions in Notion DB MCP Helper. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
While pagination is typically a read operation, the description explicitly calls this an 'escape hatch' that works with 'any' Notion API list/query endpoint. This open-ended nature means it could be directed at endpoints with side effects.
From the tool's definition 'Advanced escape hatch: paginate any Notion API list/query endpoint' — the tool can target *any* Notion API endpoint, not just read-only ones, making its actual effect dependent on the arguments provided.
Attacks that exploit this kind of access
Advanced escape hatch: paginate any Notion API list/query endpoint that returns results/has_more/next_cursor. It is categorised as a Execute tool in the Notion DB MCP Helper MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Notion DB MCP Helper MCP server in PolicyLayer and add a rule for notion_api_paginate: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Notion DB MCP Helper. Nothing to install.
notion_api_paginate is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the notion_api_paginate rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for notion_api_paginate. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
notion_api_paginate is provided by the Notion DB MCP Helper MCP server (trisetiohidayat/notion-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →