PPTX Analysis

Name/description match what is requested: the skill requires the mineru-open-api CLI and (optionally) a MINERU_TOKEN for full analysis. Those requirements are proportionate to a MinerU-based PPTX analysis tool.

Runtime instructions only call the mineru-open-api binary on local files or URLs and describe auth via MINERU_TOKEN. This is appropriate, but the SKILL.md implies that full 'extract' uses the MinerU service (token + API) so files may be uploaded to mineru.net for processing — consider privacy implications. The quick 'flash-extract' is documented as tokenless and limited (10 MB / 20 pages).

Install methods are npm (mineru-open-api) or go install from a GitHub repo — both are standard distribution channels. These are reasonable but installing global npm binaries or go-installed CLIs runs third-party code on disk; verify the package source and review the CLI if you require stricter assurance.

Only MINERU_TOKEN is requested as an environment credential and is declared as the primary credential. That lines up with the documented need for an authenticated full 'extract' operation; no unrelated credentials are requested.

The skill does not request always:true or other elevated platform privileges and is user-invocable. It does not modify other skills or system-wide settings according to provided metadata.