paper-parser-skill
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is transparent about installing a PyPI CLI, using a MinerU API token, and uploading selected PDFs for parsing, but users should verify the package and avoid confidential documents.
Before installing, verify the PyPI/GitHub package and version, use an isolated Python environment if possible, store the MinerU token carefully, and only parse PDFs that you are comfortable sending to MinerU.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package will run third-party Python package code on the user's machine.
The skill directs users to install third-party PyPI code, and the documented install version differs from the skill version. This is disclosed and user-directed, but users should verify the package and intended version before installing.
version: 0.1.4 ... pip install paper-parser-skill==v0.1.3
Review the PyPI package and GitHub source, use a virtual environment or container, and confirm the intended version before installing.
Anyone with access to the config file could potentially use the MinerU token, and the token enables PDF parsing requests to MinerU.
The skill requires a MinerU API token in its configuration. This credential use is expected for the stated parsing service and is clearly documented.
MINERU_API_TOKEN: "your_token_here" # Required for parsing
Use a dedicated, revocable token with minimal scope and keep the config file protected with appropriate file permissions.
PDF contents and paper metadata may be processed outside the user's machine by MinerU.
The skill sends documents and metadata to an external provider. This is central to the stated cloud parsing purpose and is disclosed, but it affects document privacy.
This skill transmits PDF files and paper metadata to MinerU (opendatalab) for layout analysis and Markdown conversion.
Only submit papers you are allowed to share with MinerU, and avoid unpublished, confidential, or sensitive documents unless MinerU's policies are acceptable.