Doc To Markdown

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is purpose-aligned for converting Word files to Markdown, but users should note that it relies on a third-party MinerU CLI/service, may process document contents, and uses a MinerU token for some conversions.

This looks like a normal document-conversion skill. Before installing, confirm you trust the MinerU CLI package and service, protect your MINERU_TOKEN, and do not process confidential Word documents unless you are comfortable with MinerU handling them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the CLI gives third-party package code the ability to run locally when used.

Why it was flagged

The skill asks the user to install an external CLI package, including an unpinned @latest Go install. This is central to the stated purpose but means the installed code is outside the provided artifact.

Skill content

npm install -g mineru-open-api
# or via Go (macOS/Linux):
go install github.com/opendatalab/MinerU-Ecosystem/cli/mineru-open-api@latest

Recommendation

Install only from the official MinerU/OpenDataLab source, consider pinning a known version, and keep normal package-update caution.

ASI03: Identity and Privilege Abuse
Low
What this means

Anyone or any process with access to the token may be able to use the associated MinerU API access.

Why it was flagged

The skill discloses that .doc conversion requires a MinerU token and provides both interactive auth and environment-variable setup.

Skill content

Token required for `.doc`:

mineru-open-api auth             # Interactive token setup
export MINERU_TOKEN="your-token"

Recommendation

Use a dedicated MinerU token where possible, avoid sharing it in chats or logs, and revoke it if no longer needed.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Sensitive Word documents may be processed by MinerU tooling or service flows as part of conversion.

Why it was flagged

The skill is built around MinerU's CLI/API workflow and accepts local documents or URLs. Word documents can contain sensitive content, so users should understand the provider/tool boundary before conversion.

Skill content

Convert Word (.doc/.docx) documents to clean Markdown using MinerU. ... Supported input: .doc, .docx (local file or URL)

Recommendation

Avoid converting confidential documents unless you trust MinerU's handling of the content and understand its privacy and retention terms.