research

SUSPICIOUS. The research capability is broadly coherent, but the skill adds an automatic Notion upload path that forwards NOTION_API_KEY to an unverified local script under ~/.claude/skills. Because the uploader's provenance and remote endpoint are not verifiable from the skill, the credential-forwarding and data-flow risks are disproportionate to a research skill.