ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Academic Reader

v1.0.0

PDF to Markdown converter - extract text, tables and formulas from PDF files to clean Markdown. Use when converting PDF documents, extracting PDF content, pa...

0· 57·0 current·0 all-time
by@tanis90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (PDF to Markdown converter) aligns with the declared binary (mineru-open-api) and the SKILL.md examples (mineru-open-api flash-extract). Required binaries and install methods are consistent with the stated purpose.
Instruction Scope
SKILL.md instructs using the mineru-open-api CLI to send local files or URLs to the MinerU service for extraction. It does not direct the agent to read unrelated files, environment variables, or system configuration. The documented data flow explicitly sends the document to mineru.net, which is consistent with a cloud-based extraction tool.
Install Mechanism
Installers are npm / uv / go package installs for a CLI named mineru-open-api. Using public package managers is typical but does involve executing third-party code on the host. No direct-download URLs or obscure hosts are used in the install spec, which lowers but does not eliminate install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportional for a tool that claims 'no API key required.' The only sensitive action is uploading user-provided PDFs to an external API, which is justified by the stated functionality but has privacy implications.
Persistence & Privilege
always:false and no config paths or cross-skill config modifications are requested. The skill does not request permanent presence or elevated platform privileges beyond installing/using its CLI binary.
Assessment
This skill appears to do what it says, but it uploads documents to the MinerU API (mineru.net) for processing. Before installing or using it, avoid sending sensitive or confidential PDFs; verify the mineru-open-api package source (npm page and the GitHub repo referenced), inspect package contents or source code if possible, and install/run it in a controlled environment (or sandbox) if you have privacy concerns. Check the CLI's version, publisher, and checksum, and prefer an on-device extractor if you cannot accept external upload of your documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk976hwdvnkwtka8c3qy8g6m18d83g1nf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binsmineru-open-api

Install

Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via uv
Bins: mineru-open-api
uv tool install mineru-open-api
Install via go install
Bins: mineru-open-api

Comments