notion

SUSPICIOUS. The skill’s capabilities fit its stated Notion-management purpose and its network destination appears to be official Notion MCP/API infrastructure, but it relies on a non-official third-party CLI installed from an unpinned GitHub Go module and then forwards Notion credentials to that tool. That makes this primarily a supply-chain and credential-forwarding risk rather than confirmed malicious behavior.