Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MinerU PDF Parser Clawdbot Skill

v1.0.0

Parse PDFs locally (CPU) into Markdown/JSON using MinerU. Assumes MinerU creates per‑doc output folders; supports table/image extraction.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description match its contents: the README, SKILL.md, and the shell script are all focused on invoking a local MinerU CLI to parse PDFs. No unrelated binaries, services, or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to run scripts/mineru_parse.sh on a local PDF. The script validates the input file and checks for the MinerU CLI. It does not read or transmit other files or credentials. Note: the script accepts MINERU_EXTRA_ARGS and expands them into the command line (word splitting via shell expansion), so untrusted or user-supplied extra-arg strings could change command behavior — this is a normal tradeoff for CLI wrappers but worth awareness.
Install Mechanism
There is no install spec (instruction-only plus a helper script). Nothing is downloaded or written by the skill itself during install; the skill relies on an externally installed MinerU CLI as documented.
Credentials
The skill declares no required environment variables or credentials. It supports optional env overrides (MINERU_CMD, flag-name overrides, MINERU_EXTRA_ARGS, etc.) which are appropriate for wrapping different MinerU installations. No secret-like variables are requested.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not modify other skills or system-wide configuration. It does not request elevated or persistent privileges.
Assessment
This skill appears to do exactly what it claims: call a local MinerU CLI to parse PDFs into Markdown/JSON and write results to a local output folder. Before installing or running: (1) ensure you have a trustworthy MinerU CLI binary installed (the skill will run whatever MINERU_CMD points to), (2) be cautious if you set MINERU_EXTRA_ARGS or override MINERU_CMD — they can change the executed command or inject unexpected arguments, (3) run the skill on non-sensitive PDFs first to confirm output and behavior, and (4) be aware MinerU may use significant CPU and disk (models can be large). No credentials or network endpoints are required by the skill itself.

Like a lobster shell, security has layers — review code before you run it.
