ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MiniMax PDF OCR

v1.0.0

使用 MiniMax Vision API 识别 PDF/图片中的文字

0· 307·1 current·1 all-time
by@chongjie-ran

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chongjie-ran/minimax-pdf-ocr.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "MiniMax PDF OCR" (chongjie-ran/minimax-pdf-ocr) from ClawHub.
Skill page: https://clawhub.ai/chongjie-ran/minimax-pdf-ocr
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install minimax-pdf-ocr

ClawHub CLI

Package manager switcher

npx clawhub@latest install minimax-pdf-ocr
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md implement PDF→PNG conversion (pdftoppm/poppler) and send images to a MiniMax Vision API for OCR — this aligns with the skill name/description. However, the registry metadata (which claimed no required env vars or binaries) is inconsistent with the SKILL.md and code that require an API key (MINIMAX_API_KEY) and rely on a system binary (pdftoppm).
Instruction Scope
Runtime instructions are focused: convert PDF to images, base64-encode images, and POST them to https://api.minimax.chat/v1/text/chatcompletion_v2 for OCR, then save Markdown. The instructions do send image data (embedded as data URLs) to an external API — expected for an OCR skill but important for privacy. SKILL.md also instructs installing npm packages (openai, pdf2image) that the shipped code does not use; this is inconsistent but not directly harmful.
Install Mechanism
No install spec (instruction-only) lowers risk. The only non-JS install guidance is to install poppler (provides pdftoppm) via brew — a standard system package. There are no remote download/extract steps or obscure URLs in the install path.
Credentials
The code requires a single credential (MINIMAX_API_KEY) and optionally OUTPUT_DIR — proportional for a remote OCR API. However, the registry metadata incorrectly lists no required env vars; this discrepancy between declared requirements and actual code is a red flag (could be sloppy packaging or mis-declared permissions). No other credentials are requested.
Persistence & Privilege
The skill does not request persistent/always-on privileges and does not modify other skills or system-wide configs. It runs as a user-invoked Node script and only accesses the files you provide plus the environment API key.
What to consider before installing
This skill's code does what its name says: it converts PDF pages to images and uploads those images to a MiniMax Vision API to get OCR results, then writes a Markdown file. Before installing or using it, consider: 1) Privacy: images (full page content) are sent to https://api.minimax.chat — do not process sensitive/confidential documents unless you trust that service and its privacy policy. 2) Credentials: the code requires MINIMAX_API_KEY (set in env). The registry metadata incorrectly stated no env vars — verify you are comfortable providing that API key. 3) System dependency: pdftoppm (poppler) must be installed; SKILL.md mentions it but registry metadata omitted it. 4) Inconsistencies: SKILL.md recommends npm packages (openai, pdf2image) that are not used by the shipped code — this suggests sloppy packaging; prefer to inspect/run the script in a sandbox first. 5) Safety checks: check the API endpoint and the publisher before using with real secrets, and test on non-sensitive sample documents. If you want to proceed, run it locally in an isolated environment and verify network endpoints and outputs yourself. If you require higher assurance, ask the publisher to correct the metadata and provide provenance/hosting information.
pdf-ocr-minimax.js:36
Shell command execution detected (child_process).
pdf-ocr-minimax.js:14
Environment variable access combined with network send.
!
pdf-ocr-minimax.js:58
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bzntnemc3rbbmftvq8x4rax83dkym
307downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@chongjie-ran
latest
Download

MiniMax OCR Skill

使用 MiniMax Vision API 识别 PDF/图片中的文字内容,支持中文和英文。

功能

  • PDF 转图片(使用 poppler)
  • MiniMax Vision API 文字识别
  • 输出 Markdown 格式

依赖

# 安装 Node.js 依赖
cd minimax-pdf-ocr
npm install openai pdf2image

# 安装系统依赖
brew install poppler

使用方法

命令行

# 设置 API Key
export MINIMAX_API_KEY="your-api-key"

# 运行 OCR
node pdf-ocr-minimax.js <pdf文件路径> [输出目录]

# 示例
node pdf-ocr-minimax.js ./document.pdf ./output/

作为 Skill 使用

在 JavaScript 代码中调用:

const { recognizePdf } = require('./pdf-ocr-minimax.js');

await recognizePdf('/path/to/document.pdf', './output/');

环境变量

变量说明必填
MINIMAX_API_KEYMiniMax API Key (从 platform.minimaxi.com 获取)
OUTPUT_DIR输出目录否(默认当前目录)

输出

  • 识别结果保存为 .md 文件
  • 包含所有页面的文字内容
  • 保持原有格式和段落结构

示例输出

# 文档名称

## 第 1 页

这里是第一页的文字内容...

## 第 2 页

这里是第二页的文字内容...

注意事项

Comments

Loading comments...