Well yubikey tools were good in the beginning but than they closed the source code they use on their hardware (for security reasons!). Simply they say if you want a good security you need to trust us but we know that things dont work that way. These kind of devices should be open source for audit. Thats the only 'real' way to build trust. Good hunt though!