Security audit

MinerU Doc Parser

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate document-parsing skill, but it may send local files or URLs to a remote MinerU service under broad activation triggers without a clear enough upfront warning.

Review before installing. Use it only for documents and URLs you are comfortable sending to MinerU/OpenDataLab services, avoid confidential or regulated files unless you have approved that data flow, and check or clean the generated output directory after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill overrides the CLI's documented stdout default by mandating creation of a derived output directory, which changes data-handling semantics without user consent. For a document-parsing skill, this can cause extracted sensitive content to be silently persisted on disk in a predictable location, increasing exposure through local disclosure, backups, or later reuse by other tools.

Vague Triggers

Medium
Confidence: 85%
Finding
The read_when triggers are extremely broad and include generic tasks like reading PDFs, converting documents, and web crawling, which can cause the skill to activate in situations where the user did not intend to use a remote AI parsing service. In this skill's context, unintended activation increases the chance of sensitive local files or URLs being processed by an external service without a clear, task-specific opt-in.

Missing User Warnings

High
Confidence: 98%
Finding
The description advertises parsing local files and URLs with AI models but does not clearly warn that document contents and crawled URLs may be transmitted to a remote service. For a tool handling PDFs, scans, academic papers, and arbitrary web pages, this omission can lead to inadvertent exfiltration of confidential or regulated data.

VirusTotal

No VirusTotal findings

Static analysis

No suspicious patterns detected.