ClawHub

MinerU zero-setup document extraction — convert PDFs, images, Word, and PowerPoint to Markdown instantly. No login, no token, no configuration. Just run and get results

Security checks across malware telemetry and agentic risk

Overview

This document-conversion skill appears useful, but it should be reviewed because it can send local documents or URLs to an external MinerU API without clearly warning users.

Install only if you trust MinerU/OpenDataLab and are comfortable with selected documents or URLs being processed by an external service. Avoid confidential files, internal URLs, and links containing tokens unless you have confirmed the service's privacy behavior, and specify an output path or clean up ~/MinerU-Skill outputs after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The `read_when` entries are very broad and overlap with common, generic tasks like reading PDFs or converting documents. In an agent environment, this can cause the skill to activate for many unrelated document-handling requests, increasing the chance that local files or remote documents are processed by this external CLI without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises support for remote URLs and 'no login/no token' extraction but does not warn that documents or fetched content may be transmitted to an external service. This creates a meaningful privacy and data-handling risk, especially if an agent uses the tool on sensitive internal URLs or private documents under the assumption that processing is purely local.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples and agent guidance explicitly encourage passing URLs directly to `flash-extract` but omit any privacy, SSRF-like, or network-transmission warning. In practice, this can lead an agent to fetch and submit internal, pre-signed, or otherwise sensitive URLs to a third-party service, exposing confidential data or tokens embedded in URLs.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal