style-extract

SUSPICIOUS: the skill's document-reading and profile-writing behavior fits its stated purpose, but trust is weakened because it depends on a non-verified community yuque-mcp server that receives a Yuque personal token and mediates access to private content. This is not confirmed malware, but it carries medium security risk due to third-party credential forwarding and unclear publisher provenance.