Yuque
Pass
Audited by ClawScan on May 1, 2026.
Overview
This Yuque skill appears aligned with its stated purpose, but it needs a Yuque API token and can change knowledge-base documents, so users should limit the token and review write actions.
Install only if you intend the agent to access Yuque. Provide a limited Yuque token, confirm any create or update request before it runs, and do not run missing helper scripts from outside this package unless you review them first.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is broad, the agent may access or modify personal and team Yuque content within that token's permissions.
The skill requires a Yuque account token, which is expected for the service but gives the agent whatever Yuque account and workspace permissions that token has.
Yuque API Token (stored in environment variable `YUQUE_TOKEN`)... All API requests require an `X-Auth-Token` header with your Yuque token.
Use a dedicated, least-privilege Yuque token when possible, avoid sharing it in prompts or logs, and revoke or rotate it when no longer needed.
A mistaken namespace, document ID, or prompt could create or overwrite Yuque content in a personal or team space.
The included client can create and update Yuque documents, which is purpose-aligned but can mutate shared knowledge-base content.
`return self._request("POST", f"/repos/{namespace}/docs", data)` ... `return self._request("PUT", f"/repos/{namespace}/docs/{id}", data)`
Confirm the target repository, document, and content before create or update operations, especially in team spaces or public repositories.
Some documented commands may fail, or a user might be tempted to obtain missing helper scripts from elsewhere without review.
SKILL.md references helper and reference files that are not included in the supplied file manifest, creating a small completeness/provenance gap for those documented commands.
`scripts/parse_yuque.py` - Parse Yuque HTML to Markdown; `scripts/search_yuque.py` - Search documents in repositories; `references/examples.md`
Use the included `scripts/yuque_cli.py` for reviewed operations, and only add missing helper scripts after inspecting their source.
