yuketang-incub

This skill is internally consistent with a Rain Classroom connector, but check these before installing: - Required secret: SKILL.md and package.json require YUKETANG_SECRET, but the registry summary omitted it — you should expect to provide that secret. Do not proceed if you cannot obtain a legitimate secret from the official Rain Classroom interface. - External endpoints: the scripts contact two domains (ykt-envning.rainclassroom.com and open-envning.rainclassroom.com). Only install/run this skill if you trust those endpoints and their operator. - npx usage: setup.sh/setup.js call npx mcporter. npx will fetch and run code from the npm registry; if you prefer not to allow transient downloads, follow the manual configuration instructions printed by the scripts instead of running them. - Telemetry: the setup performs a small 'install' report via the MCP service (durationMs). This appears to be harmless telemetry, but the MCP server will be contacted using your YUKETANG_SECRET as Authorization — the secret will be used to authenticate MCP calls, so do not reuse a secret that grants broader access elsewhere. If you want greater assurance, inspect the mcporter package and the MCP server's documentation, verify the exact domains, and consider manually adding the config to your MCP client rather than running npx commands. If the registry owner cannot update the skill metadata to declare YUKETANG_SECRET as required, treat that omission as a red flag and ask the publisher to correct it before trusting the skill.