MinerU PDF Parser
v1.0.1用 MinerU API 解析 PDF/Word/PPT/图片为 Markdown,支持公式、表格、OCR。适用于论文解析、文档提取。
⭐ 8· 4.2k·41 current·44 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the instructions: the skill delegates PDF/Word/PPT/image → Markdown conversion to MinerU's API. However, SKILL.md demonstrates use of an API key (MINERU_TOKEN) and uses MinerU endpoints while the registry metadata declares no required environment variables or primary credential. That omission is inconsistent with the skill's stated purpose.
Instruction Scope
Runtime instructions include network calls to https://mineru.net, uploading files via presigned URLs, polling task status, and local commands (curl, jq, unzip, mkdir). Those actions are coherent with document parsing, but the instructions reference environment variables and CLI tools that are not declared in the registry. The skill also suggests adding MINERU_TOKEN to ~/.bashrc — i.e., storing an API key locally — which is normal for API use but should be explicitly declared.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which is the lowest-risk install pattern. Nothing is written to disk by the skill bundle itself.
Credentials
SKILL.md requires an API credential (MINERU_TOKEN) for MinerU; the registry metadata lists no required environment variables or primary credential. Requesting a single service API key is proportionate to the task, but the lack of declaration is an inconsistency that can hide how secrets will be used. No unrelated credentials are requested.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence and does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) and appropriate for a callable integration.
What to consider before installing
Before installing, note these points and take these steps:
- The SKILL.md shows the skill uses an API key named MINERU_TOKEN (Authorization: Bearer) and makes network calls to mineru.net. The registry metadata did NOT declare any required environment variable — ask the publisher to correct the metadata so you can see exactly what secrets are needed.
- The instructions rely on command-line tools (curl, jq, unzip, mkdir). Ensure those tools are available and that the agent environment will handle them safely.
- Consider the sensitivity of documents you will upload. MinerU is an external service; uploading private/confidential docs will transmit them off your machine. If you need to protect data, do not provide highly sensitive files or create a limited-scope API key.
- Verify the skill origin: source is listed as unknown. Check the MinerU homepage and API docs (links exist in SKILL.md) and prefer installing skills from identifiable publishers or from the project's official GitHub (links are provided). Ask the publisher to add the required env var(s) to the registry entry and to confirm whether any data persists on mineru.net.
- If you proceed, create and use an API key with minimal scope/quota, and rotate or revoke it after testing. Refuse to provide unrelated credentials (AWS, GitHub tokens, etc.) — they are not needed for this skill.
If the publisher cannot clarify the missing metadata (required env var and expected CLI dependencies), treat the skill as untrusted and avoid installing it.Like a lobster shell, security has layers — review code before you run it.
latestvk974fntf07fr0jgv1aerg5f4z580n5ce
License
MIT-0
Free to use, modify, and redistribute. No attribution required.