notion-market-publish-skill

Warn

Audited by Socket on Mar 10, 2026

1 alert found:

Anomaly (LOW)
scripts/get_cookies_cdp.py

This script is a credential-extraction utility for Notion: it fetches browser cookies from a Chrome instance via the DevTools Protocol and writes them in plaintext to local files. The code does not itself exfiltrate data over the network, but it performs sensitive actions (cookie harvesting) and auto-installs dependencies at runtime, which increases supply-chain risk. If run by a user (especially without understanding), it can be abused to capture session cookies and enable account takeover. Use caution: only run in trusted environments and avoid storing cookies in plain text. Consider requiring explicit user consent and protecting stored credentials.

Confidence: 90%
Severity: 60%
Audit Metadata

Analyzed At: Mar 10, 2026, 03:51 AM
Package URL: pkg:socket/skills-sh/ewingyangs%2Fnotion-skills%2Fnotion-market-publish-skill%2F@9dcc25b82c44b2dc62f3f1c0dde5adbb22a1dd4e