v1.0.5

MinerU PDF Extractor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:49 AM.

Analysis

The skill appears to do what it claims—convert PDFs with MinerU—but it uploads selected documents to MinerU and uses an API token that should be handled carefully.

GuidanceInstall/use this only if you are comfortable sending chosen PDFs or public PDF URLs to MinerU. Store the API token securely, verify the upload and download URLs are from the expected MinerU flow, and run extraction in a dedicated folder.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

scripts/local_file_step4_download.sh

curl -L -o "$ZIP_FILENAME" "$ZIP_URL" ... unzip -q "$ZIP_FILENAME" -d "$EXTRACT_DIR"

The script downloads a result ZIP and extracts it locally; this is expected for the skill, but it writes files into the user's workspace.

User impactRunning the download step creates local ZIP and extracted result files.

RecommendationRun the scripts from a dedicated working directory and review the extracted files before reusing or sharing them.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none

The registry metadata omits prerequisites that SKILL.md and the scripts disclose, including MINERU_TOKEN and curl/unzip; this under-declares requirements but does not show hidden behavior.

User impactInstaller or registry views may not warn you up front that a MinerU token and local command-line tools are needed.

RecommendationThe publisher should update registry metadata to declare the API credential and required tools.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/local_file_step1_apply_upload_url.sh

-H "Authorization: Bearer ${MINERU_TOKEN}"

The script sends the configured MinerU token in API requests; this is expected for a MinerU integration, but it is a credential that can use the user's MinerU account/API quota.

User impactYour MinerU API token will be used for extraction requests.

RecommendationSet the token through environment variables, avoid sharing logs or shell history that expose related URLs, and leave MINERU_BASE_URL at the official endpoint unless you trust the alternative.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

scripts/local_file_step2_upload_file.sh

curl -X PUT "$UPLOAD_URL" --upload-file "$PDF_PATH"

The selected local PDF is uploaded to a remote presigned URL for MinerU processing; this is core functionality but means document contents leave the local machine.

User impactPDF contents may be processed and stored temporarily by MinerU or its storage/CDN providers.

RecommendationOnly process documents you are allowed to send to MinerU, and verify that upload/download URLs come from the expected MinerU workflow.