note-article

SUSPICIOUS: The skill’s capabilities mostly match its stated purpose and its publish guardrails are strong, but it relies on a third-party GitHub-hosted MCP server using unofficial note.com APIs and authenticated browser sessions. That supply-chain trust issue is the main concern; the rest of the data flows are broadly proportionate to article drafting and posting.