Doc Analysis
v0.4.0
Analyze the structure, layout, and content of Word documents (.doc, .docx) using MinerU. Returns structured Markdown with headings, paragraphs, tables, and l...
by @mzlzyca
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Word document analysis) match the declared binary (mineru-open-api) and the single required env var (MINERU_TOKEN). Requiring a MinerU CLI and token is expected for a hosted/open-source document analysis service.
Instruction Scope
Runtime instructions stick to running the mineru-open-api CLI on local files or URLs and handling stdout/stderr. One minor inconsistency: SKILL.md notes a 'flash-extract' mode that requires no token while metadata marks MINERU_TOKEN as required; this is likely an over-assertion in metadata rather than malicious scope creep.
Install Mechanism
Installers are standard: npm package and a Go 'go install' from a GitHub repo. No download-from-untrusted-URL or archive extraction steps are present. These are moderate-risk (npm/GitHub) but appropriate for a CLI tool.
Credentials
Only one credential is requested (MINERU_TOKEN) which is proportional for a remote MinerU service. The SKILL.md's mention that some quick extraction works without a token suggests the token may not be strictly required for all operations; metadata requiring it unconditionally is slightly overbroad but not a strong red flag.
Persistence & Privilege
always is false, the skill is user-invocable, and it does not request to modify other skills or system-wide configs. It only requires presence of the mineru-open-api binary.
Assessment
This skill appears coherent and does what it claims: it runs the MinerU CLI against .doc/.docx files and uses a MINERU_TOKEN for authenticated extracts. Before installing: (1) Confirm you trust the npm package name and the GitHub repo (inspect the repo/source if you can). (2) Understand that documents processed by the CLI may be sent to MinerU servers when using the authenticated 'extract' mode — avoid sending highly sensitive documents unless you’ve verified the service’s privacy/security. (3) If you only need quick, local/no-token extraction, check whether 'flash-extract' actually operates without a token in your environment. (4) Prefer installing in a sandbox or container first and verify behavior and network activity if you have strict security requirements.
Like a lobster shell, security has layers — review code before you run it.
latestvk97dqdt7g58xbmvpt4bme9d939844pmh
Runtime requirements
📄 Clawdis
Bins: mineru-open-api
Env: MINERU_TOKEN
Primary env: MINERU_TOKEN
Install
Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via go install
Bins: mineru-open-api
