Scan Report
15 /100
pptx-ocr
OCR for PowerPoint (.pptx) presentations with scanned or image-embedded slide content
Documentation-only skill wrapping a legitimate open-source CLI tool (MinerU) with no hidden functionality or malicious code.
Safe to install
This skill is safe to use. Ensure MINERU_TOKEN is kept confidential and verify the mineru-open-api package source before installation.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | External package dependency | SKILL.md:15 |
| Info | API token required | SKILL.md:31 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md: Extracts .pptx files |
| Network | READ | READ | ✓ Aligned | SKILL.md: Supports URL input for extraction |
| Environment | READ | READ | ✓ Aligned | SKILL.md: Uses MINERU_TOKEN for API auth |
| Shell | NONE | NONE | — | No shell commands in SKILL.md |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:39 File Tree
1 files · 2.6 KB · 55 lines Markdown 1f · 55L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
mineru-open-api | * | npm/go | No | External CLI tool - verify package authenticity |
Security Positives
✓ No executable scripts or code present - documentation only
✓ Uses legitimate open-source project (MinerU by OpenDataLab/Shanghai AI Lab)
✓ All capabilities clearly declared in SKILL.md
✓ No credential harvesting beyond required API authentication
✓ No network exfiltration or suspicious data transfer
✓ No hidden HTML comments or obfuscated code