Mineru Pdf

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its PDF-parsing purpose, but an included test script can execute unintended Python code if run with crafted arguments.

Use the main parse.py workflow rather than test.sh, especially for files or paths from other people. Verify the external mcp-mineru package source, consider pinning versions, and be aware that user-scope MCP installation makes the parser available across Claude projects.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI05: Unexpected Code Execution

What this means

If a user or agent runs this helper script with a specially crafted PDF path or page value, it could execute unintended local Python code.

Why it was flagged

The script inserts user-controlled command-line arguments directly into Python source code executed with python -c, without quoting or validation. Crafted file paths or page arguments could alter the Python program that runs.

Skill content

PDF_FILE="${1:-...}" ... uvx --from mcp-mineru python -c "... 'file_path': '$PDF_FILE', ... 'start_page': $START_PAGE, 'end_page': $END_PAGE ..."

Recommendation

Do not use test.sh with untrusted inputs. Prefer parse.py, which uses argparse values directly, or rewrite test.sh to pass arguments safely and validate numeric page values.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Future package or model changes could affect behavior or reproducibility.

Why it was flagged

The skill relies on an external package and model downloads, and the artifacts do not pin a package or model version. This is purpose-aligned for MinerU but depends on external supply-chain provenance.

Skill content

uvx --from mcp-mineru python -m mcp_mineru.server ... Models are downloaded on first use.

Recommendation

Install from trusted sources, consider pinning the mcp-mineru version, and run it in an isolated Python environment if processing sensitive PDFs.

Low

#ASI07: Insecure Inter-Agent Communication

What this means

After user-scope installation, Claude projects may be able to invoke the parser on local PDF paths the user provides or approves.

Why it was flagged

The optional MCP setup exposes the PDF parsing tool at user scope, and the tool accepts absolute local PDF paths. This is disclosed and purpose-aligned, but it broadens where the tool can be invoked.

Skill content

claude mcp add --transport stdio --scope user mineru ... This installs and configures MinerU for all Claude projects ... `file_path` - Absolute path to the PDF file

Recommendation

Prefer project-scoped MCP installation where possible, and only parse PDFs whose contents you are comfortable exposing to the active agent session.