mineru-pdf-converter

Overall the skill is functionally aligned with PDF-to-Markdown conversion and appears to use official MinerU endpoints, so it is not clearly malicious. The main risks are the documented built-in API key, local secret-file handling, and ambiguous SSL/proxy bypass behavior; these make the skill suspicious from a credential and transport-security standpoint rather than benign.