ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mineru Pdf

v1.0.0

Parse PDF documents with MinerU MCP to extract text, tables, and formulas. Supports multiple backends including MLX-accelerated inference on Apple Silicon.

0· 765·6 current·6 all-time
by@etoile04
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included files and instructions: the SKILL.md and parse.py call MinerU components (via uvx/mcp-mineru or direct Python), and the declared required binary (uvx) is actually used in examples. There are no unrelated binaries or unexpected credential requests.
Instruction Scope
Instructions focus on parsing PDFs and saving outputs. parse.py reads a user-supplied PDF and writes parsed files to an output directory (persistent storage). Note: examples use absolute local paths (e.g., /Users/lwj04/...), and test.sh has a default PDF path under .openclaw/media/inbound — running the test.sh unmodified could act on that inbound file. This behavior is expected for a parsing tool but users should be aware it writes persistent files and that example paths are hard-coded.
Install Mechanism
No registry install spec is required by the platform; SKILL.md recommends installing via uvx / mcp-mineru (a package-managed installation). There are no downloads from unknown URLs or archive extractions in the skill files themselves.
Credentials
The skill declares no environment variables or credentials and only depends on the uvx binary and the MinerU Python package. That is proportionate for a PDF-parsing wrapper which either invokes uvx/mcp-mineru or imports mineru modules.
Persistence & Privilege
always is false and the skill does not request elevated system-wide privileges or modify other skills' configs. It writes output files to user-specified directories (intentional persistence), which is expected for this use case.
Assessment
This skill appears to do what it says: parse PDFs via MinerU MCP or the included Python wrapper. Before installing or running it: (1) ensure you trust the uvx/mcp-mineru package source and be aware that model downloads may occur on first use; (2) run parse.py with an explicit output_dir to avoid accidental writes to sensitive locations; (3) do not run test.sh without inspecting or replacing its default PDF path (it points to an inbound media file under ~/.openclaw); and (4) if you need stronger isolation, run the tool in a sandbox or VM since it will create persistent files and may download model artifacts.

Like a lobster shell, security has layers — review code before you run it.

latestvk975981v5yt5nvbabd4semwbt1813xep

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binsuvx

Comments