ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MinerU PDF Parser Clawdbot Skill

v1.0.0

Parse PDFs locally (CPU) into Markdown/JSON using MinerU. Assumes MinerU creates per‑doc output folders; supports table/image extraction.

2· 2.2k·7 current·7 all-time
by@kesslerio
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match its contents: the README, SKILL.md, and the shell script are all focused on invoking a local MinerU CLI to parse PDFs. No unrelated binaries, services, or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to run scripts/mineru_parse.sh on a local PDF. The script validates the input file and checks for the MinerU CLI. It does not read or transmit other files or credentials. Note: the script accepts MINERU_EXTRA_ARGS and expands them into the command line (word splitting via shell expansion), so untrusted or user-supplied extra-arg strings could change command behavior — this is a normal tradeoff for CLI wrappers but worth awareness.
Install Mechanism
There is no install spec (instruction-only plus a helper script). Nothing is downloaded or written by the skill itself during install; the skill relies on an externally installed MinerU CLI as documented.
Credentials
The skill declares no required environment variables or credentials. It supports optional env overrides (MINERU_CMD, flag-name overrides, MINERU_EXTRA_ARGS, etc.) which are appropriate for wrapping different MinerU installations. No secret-like variables are requested.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not modify other skills or system-wide configuration. It does not request elevated or persistent privileges.
Assessment
This skill appears to do exactly what it claims: call a local MinerU CLI to parse PDFs into Markdown/JSON and write results to a local output folder. Before installing or running: (1) ensure you have a trustworthy MinerU CLI binary installed (the skill will run whatever MINERU_CMD points to), (2) be cautious if you set MINERU_EXTRA_ARGS or override MINERU_CMD — they can change the executed command or inject unexpected arguments, (3) run the skill on non-sensitive PDFs first to confirm output and behavior, and (4) be aware MinerU may use significant CPU and disk (models can be large). No credentials or network endpoints are required by the skill itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk979ea85hgwqjx710yq2wwweys7zrscc
2.2kdownloads
2stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@kesslerio
latest
Download

MinerU PDF

Overview

Parse a PDF locally with MinerU (CPU). Default output is Markdown + JSON. Use tables/images only when requested.

Quick start (single PDF)

# Run from the skill directory
./scripts/mineru_parse.sh /path/to/file.pdf

Optional examples:

./scripts/mineru_parse.sh /path/to/file.pdf --format json
./scripts/mineru_parse.sh /path/to/file.pdf --tables --images

When to read references

If flags differ from your wrapper or you need advanced defaults (backend/method/device/threads/format mapping), read:

  • references/mineru-cli.md

Output conventions

  • Output root defaults to ./mineru-output/.
  • MinerU creates the per-document subfolder under the output root (e.g., ./mineru-output/<basename>/...).

Batching

Default is single-PDF parsing. Only implement batch folder parsing if explicitly requested.

Comments

Loading comments...