wenyan-formatter

Overall suspicious rather than malicious. Local formatting behavior is coherent, but the optional publish-via-server path introduces a third-party proxy that is not inherently necessary for markdown rendering and can route draft content plus credentials/API keys through arbitrary infrastructure. npx-based runtime install adds moderate supply-chain risk, but there is no clear evidence of malware or covert exfiltration beyond the documented proxy pattern.