mmk-notion-subscription

SUSPICIOUS. The skill's stated purpose is narrow and plausible, but it depends on an unverifiable proprietary CLI and likely routes Notion/billing data through MMK-managed infrastructure instead of the official direct Notion API flow. The broad `Bash(mmk *)` permission is also disproportionate to a single read-only subscription query. No direct malware behavior is shown, but the install-trust and credential/data-flow risks are high enough to treat this skill as high-risk.