Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Doc to JSON

v1.0.0

Convert documents (docx, doc, PDF, xlsx, xls) to structured JSON via MinerU. Full pipeline: file to mineru-open-api extract to Markdown then to JSON. Use whe...

0· 17·0 current·0 all-time
by 梁辉盛 (@kounlong)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
Name/description promise: convert documents to JSON via MinerU. The SKILL.md and included scripts clearly require the mineru-open-api CLI and a MINERU_TOKEN. However the registry metadata lists no required binaries and no required environment variables. That is an internal inconsistency: a MinerU token and CLI are necessary to perform the described extraction but are not declared in the manifest.
Instruction Scope
The runtime instructions and scripts stay within the stated purpose: they call the mineru-open-api CLI to produce Markdown, then parse the Markdown into JSON locally. The scripts parse headings, tables, lists and metadata — no other system files are read and no unexpected external endpoints are referenced in the code itself. However the mineru-open-api CLI will contact MinerU's servers (not shown in the package), so documents and their content will be transmitted to that external service when the CLI runs.
Install Mechanism
This skill is instruction-only (no install spec). That lowers installer risk, but it also means the manifest does not install the required mineru-open-api CLI; users must install it themselves. That is consistent with an instruction-only skill, but it increases the chance of a mismatch: a user may not realize they need to install, and trust, a third-party CLI.
Credentials (flagged)
The scripts and SKILL.md require MINERU_TOKEN (and pass it to the mineru-open-api CLI), but the registry metadata lists no required environment variables and no primary credential. Requesting a service token for an external extraction service is reasonable for the skill's purpose; the problem is that the manifest omits the requirement, so the declared credential needs do not match what the code actually uses. This omission reduces transparency about what secrets the skill needs.
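The mismatch described in Purpose & Capability and Credentials above (code that reads a token and invokes a CLI which the manifest never declares) is mechanical enough to check before installing. The following is an added example, not ClawHub's scanner and not code from the skill: it scans a skill directory for environment variables that the scripts and SKILL.md read and for binaries they invoke, then diffs that against the manifest. The manifest layout (a requires object holding env and bins lists), the file names and the sample skill contents are assumptions constructed for this demonstration.

```python
"""Consistency check: requirements a skill's code actually uses versus what its
registry manifest declares. Added example, not ClawHub's scanner; the manifest
layout (requires.env / requires.bins) and the sample files are assumptions."""
import json
import re
import tempfile
from pathlib import Path

# First tokens of shell lines that are not third-party binaries worth declaring.
SHELL_WORDS = {"export", "cd", "echo", "set", "pip", "pip3", "python", "python3", "npm", "npx", "ls"}

# Credential / environment lookups in Python, shell and prose (backticked names).
ENV_PATTERNS = [
    re.compile(r'os\.environ(?:\.get\(|\[)\s*["\']([A-Z][A-Z0-9_]+)["\']'),
    re.compile(r'os\.getenv\(\s*["\']([A-Z][A-Z0-9_]+)["\']'),
    re.compile(r'\$\{?([A-Z][A-Z0-9_]+)\}?'),
    re.compile(r'\b([A-Z][A-Z0-9_]*_(?:TOKEN|KEY|SECRET|PASSWORD))\b'),
]
# First element of a subprocess argv list, and commands inside fenced shell blocks.
SUBPROCESS_RE = re.compile(
    r'subprocess\.(?:run|Popen|check_output|check_call|call)\(\s*\[\s*["\']([\w.-]+)["\']')
FENCE_RE = re.compile(r'```(?:bash|sh|shell)?\n(.*?)```', re.S)


def referenced_env_vars(text):
    found = set()
    for pat in ENV_PATTERNS:
        found.update(pat.findall(text))
    return found


def invoked_binaries(text):
    found = set(SUBPROCESS_RE.findall(text))
    for block in FENCE_RE.findall(text):
        for line in block.splitlines():
            tokens = line.strip().lstrip("$").split()
            if tokens and re.fullmatch(r"[a-z][\w.-]*", tokens[0]) and tokens[0] not in SHELL_WORDS:
                found.add(tokens[0])
    return found


def check_skill(skill_dir):
    """Return what the code uses but the manifest omits, and vice versa."""
    skill_dir = Path(skill_dir)
    manifest = json.loads((skill_dir / "manifest.json").read_text())
    declared_env = set(manifest.get("requires", {}).get("env", []))
    declared_bins = set(manifest.get("requires", {}).get("bins", []))
    used_env, used_bins = set(), set()
    for path in skill_dir.rglob("*"):
        if path.suffix in {".md", ".py", ".sh"}:
            text = path.read_text()
            used_env |= referenced_env_vars(text)
            used_bins |= invoked_binaries(text)
    return {
        "undeclared_env": sorted(used_env - declared_env),
        "undeclared_bins": sorted(used_bins - declared_bins),
        "unused_declared_env": sorted(declared_env - used_env),
        "unused_declared_bins": sorted(declared_bins - used_bins),
    }


def demo():
    """Constructed skill package mirroring the pattern this scan report describes:
    an empty requires block, while SKILL.md and a script use a token and a CLI."""
    root = Path(tempfile.mkdtemp())
    (root / "manifest.json").write_text(
        json.dumps({"name": "doc-to-json", "requires": {"env": [], "bins": []}}))
    (root / "SKILL.md").write_text(
        "# Doc to JSON\n\nSet `MINERU_TOKEN` before running.\n\n```bash\n"
        "export MINERU_TOKEN=...\n"
        "mineru-open-api extract --input report.docx --output out.md\n"
        "python3 scripts/md_to_json.py out.md\n```\n")
    (root / "scripts").mkdir()
    (root / "scripts" / "extract.py").write_text(
        "import os, subprocess\n"
        "token = os.environ['MINERU_TOKEN']\n"
        "subprocess.run(['mineru-open-api', 'extract', '--token', token], check=True)\n")
    return check_skill(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On the constructed package this reports MINERU_TOKEN under undeclared_env and mineru-open-api under undeclared_bins, which is the finding the scan above makes by hand. The regexes are deliberately broad (any *_TOKEN-style name, any command inside a fenced shell block), so treat hits as prompts for review rather than proof; a package that hides its requirements behind indirection will still need a human read.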
Persistence & Privilege
The skill does not request persistent or elevated privileges: the always flag is false, it does not modify other skills or global agent config, and it does not persist credentials itself. Temp files are cleaned up by default (unless --keep-temp is used).
What to consider before installing
- The skill will send documents to MinerU via the mineru-open-api CLI. That means your documents (including any sensitive content) may be transmitted to MinerU's servers. Only proceed if you trust MinerU and are comfortable with that data flow.
- The manifest does not declare the required MINERU_TOKEN or mineru-open-api binary; this is an inconsistency. Treat the missing declaration as a red flag: confirm with the author or registry why those requirements were omitted.
- If you must use it: obtain MINERU_TOKEN only from a trusted source and avoid using production secrets. Test with non-sensitive files first.
- If you need stronger guarantees: install the mineru-open-api CLI from its official source and verify signatures or release URLs, or prefer a local/offline extractor if you cannot trust remote processing.
- Mitigations: run the tool in an isolated environment (sandbox/VM), monitor outbound network traffic when the CLI runs, and verify the mineru-open-api CLI source code or release channel before supplying your token.
If the registry is updated to explicitly declare MINERU_TOKEN and mineru-open-api as requirements and provides an official upstream URL for the CLI, the inconsistency concern would be resolved and my confidence would increase.
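Two of the mitigations above, verifying the CLI before supplying the token and not exposing more secrets than the tool needs, can be enforced in code rather than by habit. The following added example (not part of the skill or the registry) resolves the CLI from an explicit directory instead of the inherited PATH, refuses to run it unless its SHA-256 matches a pinned value, and forwards only the token plus a minimal PATH and HOME, so other secrets in the parent environment cannot reach the third-party binary. The stand-in mineru-open-api script, the pinned-hash handling and the function names are constructed for this demonstration; the real CLI's arguments are not shown on this page, so extract is a placeholder argument.

```python
"""Run a third-party CLI only after pinning it to a known build, and with the
least environment it needs. Added example (not the skill's code); the fake CLI,
the pinned hash and the helper names are constructed for this demonstration."""
import hashlib
import os
import shutil
import stat
import subprocess
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def run_pinned_cli(name, expected_sha256, args, token, search_path, workdir):
    """Resolve `name` on an explicit search path (never the inherited PATH),
    refuse to run unless its hash matches the pinned value, and pass only the
    token, that PATH and a scratch HOME. Returns (ok, detail)."""
    exe = shutil.which(name, path=search_path)
    if exe is None:
        return False, f"{name} not found on {search_path}"
    actual = sha256_file(exe)
    if actual != expected_sha256:
        return False, f"hash mismatch for {exe}: {actual[:12]}... != {expected_sha256[:12]}..."
    # Minimal environment: nothing from the parent (cloud keys, SSH agent, ...) is inherited.
    env = {"PATH": search_path, "HOME": str(workdir), "MINERU_TOKEN": token}
    proc = subprocess.run([exe, *args], env=env, cwd=workdir,
                          capture_output=True, text=True, timeout=60)
    return proc.returncode == 0, proc.stdout


def demo():
    """Constructed stand-in for mineru-open-api that reports which variables it
    can see, so the caller can confirm that only the token was forwarded."""
    root = Path(tempfile.mkdtemp())
    bindir = root / "bin"
    bindir.mkdir()
    fake = bindir / "mineru-open-api"
    fake.write_text("#!/bin/sh\n"
                    "printf 'token_set=%s\\n' \"${MINERU_TOKEN:+yes}\"\n"
                    "printf 'aws_leaked=%s\\n' \"${AWS_SECRET_ACCESS_KEY:+yes}\"\n")
    fake.chmod(fake.stat().st_mode | stat.S_IXUSR)
    # An unrelated secret in the parent process that must not reach the CLI.
    os.environ["AWS_SECRET_ACCESS_KEY"] = "should-not-be-forwarded"
    # For the demo the pin is taken from the file itself; in real use it comes
    # from the upstream release, never from the copy already on disk.
    good = sha256_file(fake)
    rejected = run_pinned_cli("mineru-open-api", "0" * 64, ["extract"], "t0ken", str(bindir), root)
    accepted = run_pinned_cli("mineru-open-api", good, ["extract"], "t0ken", str(bindir), root)
    return rejected, accepted


if __name__ == "__main__":
    print(demo())
```

The pin only proves the file has not changed since you recorded its hash; it says nothing about whether that file came from MinerU's official release channel, so the expected hash has to come from upstream. It also does nothing about the data flow itself: the documents still leave the machine, which is why the sandbox and outbound-traffic monitoring above remain necessary.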


latest: vk972xcwk6rprp85pbggk90bb8d85186b
