knowledge-connect
Warn
Audited by Socket on Mar 26, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill's read/search/analyze/update capabilities fit its stated Yuque note-linking purpose, and the optional document edits are gated by user confirmation. The main concern is trust in the external yuque-mcp server: the skill names no official publisher, multiple unrelated implementations exist, and the user's Yuque token must be forwarded to that third-party code. Risk is therefore driven more by ambiguous dependency provenance than by the skill logic itself.
Confidence: 84%
Severity: 56%
Audit Metadata