ClawHub

PDF Analysis

v0.4.0

Analyze the structure, layout, and content of PDF documents using MinerU. Returns structured output preserving headings, tables, images, formulas, and docume...

0· 94·0 current·0 all-time
by@mzlzyca
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description (PDF analysis via MinerU) match the declared requirements: it needs the mineru-open-api CLI and a MINERU_TOKEN for full features. Requiring that binary and a service token is expected for a hosted/CLI wrapper around MinerU functionality.
Instruction Scope
SKILL.md stays within the PDF-analysis domain (operations on local files or URLs, flash-extract vs extract, page ranges, OCR). It references running the mineru-open-api CLI and an interactive auth flow. One ambiguity: 'extract' requires a token and likely calls MinerU's remote API (token creation is on mineru.net), which means document content may be uploaded to that service — this is consistent with the purpose but is important for sensitive documents.
Install Mechanism
Installation uses npm (mineru-open-api) or go install from a GitHub repo. These are typical for CLI tooling; they carry moderate risk compared with purely instruction-only skills because they install third-party code. No arbitrary download URLs or extract-from-untrusted-host patterns are used.
Credentials
Only MINERU_TOKEN is required (primaryEnv). That is proportionate for a tool that authenticates to a hosted MinerU service. The SKILL.md does not request other unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill does not request elevated platform-wide privileges. The CLI's interactive auth may store a token locally (normal for CLI tools) but the skill does not attempt to modify other skills or system-wide configs according to the provided metadata.
Assessment
This skill appears coherent, but before installing: 1) Confirm the mineru-open-api package source (npm and the GitHub repo) are official and review their README/source so you know whether processing is local or sent to mineru.net. 2) Treat MINERU_TOKEN like any credential: only provide it if you accept that PDFs may be uploaded to the MinerU service; check token scope and storage location used by the CLI. 3) For sensitive documents, prefer local/offline processing or validate that the tool supports fully local extraction; avoid using the 'extract' mode if it uploads data. 4) Install the CLI from the official project pages, inspect what files the installer creates, and run it in a sandbox if possible. 5) Be cautious when running interactive auth in shared environments since tokens are often persisted to disk — locate and audit that config file if needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk976b21n01fphec0f8chdme19n84495v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binsmineru-open-api
EnvMINERU_TOKEN
Primary envMINERU_TOKEN

Install

Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via go install
Bins: mineru-open-api

Comments