notion

SUSPICIOUS. The skill's capabilities fit its stated Notion purpose, and the CLI comes from an official npm package tied to the same publisher, so this is not overt malware. But all authentication and API activity are routed through Membrane rather than directly to Notion, creating a third-party credential/data trust boundary, and the unpinned global CLI install adds moderate supply-chain risk.