
Security audit

mineru-agent-free

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends user-selected documents or URLs to MinerU’s remote parsing API and returns Markdown, with no evidence of hidden persistence, credential access, or destructive behavior.

Install only if you are comfortable sending selected documents or provided URLs to MinerU’s remote service for parsing. Avoid confidential, regulated, or proprietary files unless your policy allows that service, and treat the returned Markdown as untrusted document content rather than instructions for the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tainted flow: 'file_url' from requests.post (line 105, network input) → requests.put (network output)

Medium
Category
Data Flow
Content
    # 2. PUT the file to OSS (upload target is the URL the API returned)
    with open(file_path, "rb") as f:
        put_resp = requests.put(file_url, data=f)
        if put_resp.status_code not in (200, 201):
            print(f"File upload failed, HTTP {put_resp.status_code}", file=sys.stderr)
            return None
Confidence
95% confidence
Finding
put_resp = requests.put(file_url, data=f)

Tainted flow: 'md_url' from requests.get (line 44, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
        if state == "done":
            md_url = data["markdown_url"]
            print(f"[{elapsed}s] Parsing complete", file=sys.stderr)
            md_resp = requests.get(md_url)
            md_resp.encoding = "utf-8"
            return md_resp.text
Confidence
94% confidence
Finding
md_resp = requests.get(md_url)
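Both tainted-flow findings above have the same shape: a URL the remote API hands back (`file_url` from the first response, then `markdown_url` from the polling response) is passed straight into a second request. If that response is spoofed or the service is compromised, the local file is uploaded to, or the agent's next fetch is served from, an attacker-chosen host. The block below is an added example, not the skill's own code, of validating such server-supplied URLs before following them and of refusing to contact anything at all when validation fails. The allowlisted hosts (`api.example-parser.test`, `oss.example-parser.test`) and the `FakeSession` stand-in for `requests.Session` are constructed for this example; a real deployment would substitute the hosts actually observed in the script's responses and pass a real `requests.Session()`.

```python
"""Validate server-supplied URLs before an agent uploads to or fetches from them.

Added example, not the mineru-agent-free skill's own code. Host names are
hypothetical placeholders; FakeSession exists so the example runs offline.
"""
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: the API host plus the object-storage host the script
# is expected to talk to. Subdomains of each entry are also accepted.
ALLOWED_HOST_SUFFIXES = ("api.example-parser.test", "oss.example-parser.test")


class UntrustedUrlError(ValueError):
    """Raised when a URL returned by the remote API fails validation."""


def _host_allowed(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)


def validate_server_url(url: str) -> str:
    """Return url unchanged if it is safe to follow, otherwise raise.

    Checks: https only, no embedded credentials, a non-empty host that is not a
    raw IP literal (so a response cannot point the agent at 127.0.0.1 or
    169.254.169.254), and a host on the allowlist (exact match or subdomain,
    so 'oss.example-parser.test.evil.test' is rejected).
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UntrustedUrlError(f"scheme is not https: {url}")
    if parts.username or parts.password:
        raise UntrustedUrlError(f"credentials embedded in URL: {url}")
    host = (parts.hostname or "").lower()
    if not host:
        raise UntrustedUrlError(f"no host in URL: {url}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a DNS name, which is what we expect
    else:
        raise UntrustedUrlError(f"raw IP address not allowed: {url}")
    if not _host_allowed(host):
        raise UntrustedUrlError(f"host not on allowlist: {host}")
    return url


def is_safe_server_url(url: str) -> bool:
    """Boolean form of validate_server_url for callers that prefer not to catch."""
    try:
        validate_server_url(url)
    except UntrustedUrlError:
        return False
    return True


class _Resp:
    def __init__(self, status_code, text=""):
        self.status_code = status_code
        self.text = text
        self.encoding = None


class FakeSession:
    """Constructed stand-in for requests.Session so the example runs offline.
    Records every URL it is asked to contact, which lets a caller confirm that
    a rejected URL was never requested."""

    def __init__(self, markdown="# parsed document\n"):
        self.calls = []
        self.markdown = markdown

    def put(self, url, data=None, timeout=None, allow_redirects=True):
        self.calls.append(("PUT", url))
        return _Resp(200)

    def get(self, url, timeout=None, allow_redirects=True):
        self.calls.append(("GET", url))
        return _Resp(200, text=self.markdown)


def upload_and_fetch_markdown(upload_url, markdown_url, file_bytes, session):
    """Hardened version of the two flagged flows.

    Both server-supplied URLs are validated before any request is issued, a
    timeout is set, and redirects are refused so a 302 cannot quietly move the
    upload or the download to another host.
    """
    put_url = validate_server_url(upload_url)
    put_resp = session.put(put_url, data=file_bytes, timeout=30, allow_redirects=False)
    if put_resp.status_code not in (200, 201):
        raise RuntimeError(f"file upload failed, HTTP {put_resp.status_code}")
    md_url = validate_server_url(markdown_url)
    md_resp = session.get(md_url, timeout=30, allow_redirects=False)
    if md_resp.status_code != 200:
        raise RuntimeError(f"markdown fetch failed, HTTP {md_resp.status_code}")
    md_resp.encoding = "utf-8"
    return md_resp.text  # still untrusted document content, not agent instructions


if __name__ == "__main__":
    s = FakeSession()
    print(upload_and_fetch_markdown("https://oss.example-parser.test/bucket/key",
                                    "https://api.example-parser.test/result.md",
                                    b"%PDF-1.4 sample", s))
    print(s.calls)
```

The allowlist is deliberately a suffix match rather than a substring match: a host check that used `"oss.example-parser.test" in host` would accept `oss.example-parser.test.evil.test`. Rejecting IP literals outright is a cheap way to keep a spoofed response from steering the agent at link-local or loopback addresses without resolving DNS; it does not cover a legitimate-looking DNS name that resolves to a private address, which needs a resolver-side check in addition.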

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs use of a script that performs network access to a third-party API and writes output files, but the skill metadata does not declare corresponding permissions. This creates a transparency and governance gap: an agent may transmit document contents externally or write files locally without clear upfront disclosure or policy enforcement.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger condition is very broad and can activate on ordinary requests involving document reading, OCR, or extraction, increasing the chance that sensitive local files or private URLs are sent to the external MinerU service unintentionally. In this skill's context, broad activation is more dangerous because the action involves third-party network transmission of user-supplied content.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill describes a remote parsing API but does not warn users that local files or provided URLs will be transmitted to a third-party service for processing. This is a significant privacy and data-handling issue because users may assume parsing is local, and documents can contain confidential, regulated, or proprietary information.

VirusTotal

66/66 vendors flagged this skill as clean.
