note-refine

SUSPICIOUS: the skill's read/write document behavior matches its stated note-polishing purpose, but it depends on a non-official, weakly verified yuque-mcp server that holds a Yuque personal token and mediates all document access. The main risk is supply-chain and credential forwarding to community server code, not overt malicious behavior in the skill instructions.