yuque-group-meeting-notes

The skill's behavior and described network calls are consistent with a legitimate meeting-notes archiving tool. The main security concern is the intermediary MCP and the requirement to supply a group Token: if the MCP service is untrusted or compromised, it could capture meeting content and credentials. There is no evidence of obfuscated or malicious code within the provided description, no local credential harvesting, and no remote code execution patterns. Recommend validating and controlling the yuque-mcp deployment, enforcing least-privilege tokens, and adding explicit instructions for redacting or handling sensitive information before upload.