ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart PDF OCR

v0.2.0

Intelligent PDF OCR powered by MinerU API. Extract text from scanned PDFs, image-based PDFs, and photographed documents using mineru-open-api CLI with advanc...

0· 113·0 current·0 all-time
by@veeicwgy

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for veeicwgy/smart-pdf-ocr.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Smart PDF OCR" (veeicwgy/smart-pdf-ocr) from ClawHub.
Skill page: https://clawhub.ai/veeicwgy/smart-pdf-ocr
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install smart-pdf-ocr

ClawHub CLI

Package manager switcher

npx clawhub@latest install smart-pdf-ocr
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims MinerU-powered OCR and the SKILL.md explicitly uses the mineru-open-api CLI with commands that align with that purpose (flash-extract, extract, --ocr, --model). However, the metadata declares no primary credential or environment requirements while the README implies advanced features use the MinerU API (which typically requires an API token). This mismatch is unexplained.
Instruction Scope
Instructions are narrowly scoped to installing the mineru-open-api CLI and running it against user PDFs, creating an output directory under the user's home. The SKILL.md does not instruct the agent to read unrelated system files or exfiltrate data. Concern: it omits details on how to supply API credentials for advanced/precision extracts, so the agent (or user) may need to supply secrets or the CLI may prompt — that behavior is not documented here.
!
Install Mechanism
The SKILL.md tells users to run `npm install -g mineru-open-api`. Installing an arbitrary global npm package executes third-party code on the host and is a moderate-risk operation unless the package and publisher are verified. The skill has no install spec or verified homepage/source in its metadata to confirm the package origin.
Credentials
No environment variables or credentials are declared in the metadata, which is reasonable for quick/no-token flash-extract. But the skill advertises advanced OCR powered by MinerU (VLM/pipeline models) which almost certainly requires API keys or tokens; the absence of any guidance or declared env vars for providing those secrets is an unexplained omission.
Persistence & Privilege
The skill does not request always: true, no install spec in the registry, and it does not claim to modify other skills or system-wide settings. Creating an output directory under the user's home is expected for file output.
What to consider before installing
This skill appears to do what it says (run the mineru-open-api CLI to OCR PDFs), but exercise caution before installing. Verify the npm package: check the mineru-open-api package page, author, and repository on the npm registry or GitHub; prefer installing in a sandbox/container rather than globally on a production system; do not run the install as root. Ask the skill author or maintainer how advanced/precision OCR is authenticated (which env var or token the CLI uses) and where credentials are stored; avoid supplying sensitive API keys unless you can confirm the package's source and trustworthiness. If you cannot verify the package origin, consider alternative, well-known OCR tools (Tesseract, Google/Adobe official CLIs) or run the tool in an isolated VM.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ngzgr0r99tha5r7whn7qzs84b84h
113downloads
0stars
2versions
Updated 3w ago
v0.2.0
MIT-0
@veeicwgy
latest
Download

Smart PDF OCR with mineru-open-api

You are a PDF OCR specialist. Extract text from scanned and image-based PDFs using mineru-open-api.

Installation

npm install -g mineru-open-api

OCR Workflow

  1. Quick OCR (no token):

    mineru-open-api flash-extract scanned.pdf -o ./output/

  2. Advanced OCR with table/formula recognition:

    mineru-open-api extract scanned.pdf --ocr -o ./output/

  3. Complex layout OCR (VLM model):

    mineru-open-api extract scanned.pdf --ocr --model vlm -o ./output/

  4. Multi-language OCR:

    mineru-open-api extract document.pdf --ocr --language latin -o ./output/

Key Rules

  • Default to flash-extract for PDFs under 10MB/20 pages
  • Use --ocr flag with extract for scanned documents
  • Use --model vlm for complex layouts (academic papers, mixed content)
  • Use --model pipeline when no-hallucination guarantee is needed
  • Check file size before running: if >10MB, skip flash-extract
  • Generate default output dir: ~/MinerU-Skill/<name>_<hash>/

Supported Languages

ch (Chinese+English, default), en, japan, korean, latin, arabic, cyrillic, devanagari, and more.

Comments

Loading comments...