My yubikey is state. A stateless password manager cannot rely on it to secure the actual passwords or else it is no longer stateless.
If the yubikey is only used to secure the master passphrase that derives the other deterministic passwords, then relatively little has been gained because the actual derivation of the passwords happens separately and the original concerns are still largely present.
Even if the master password is secured with a yubikey, many of the other flaws are still present, and if you need a yubikey to access your passwords anyway, you might as well encrypt the passwords directly rather than going through this awkward extra step that reduces security.
If the yubikey is only used to secure the master passphrase that derives the other deterministic passwords, then relatively little has been gained because the actual derivation of the passwords happens separately and the original concerns are still largely present.
Even if the master password is secured with a yubikey, many of the other flaws are still present, and if you need a yubikey to access your passwords anyway, you might as well encrypt the passwords directly rather than going through this awkward extra step that reduces security.