Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Docx To Markdown
v1.0.0
Document to Markdown converter - convert DOCX, PPTX, Excel files to Markdown. Use when extracting content from Word documents, PowerPoint presentations, or E...
by @tanis90
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill is a document-to-Markdown converter and requires the mineru-open-api CLI binary, which is exactly what's needed to perform the conversions described. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run mineru-open-api flash-extract on local files or URLs; that CLI uploads documents to MinerU's cloud API for processing. This behavior is consistent with the skill's purpose but means user documents are transmitted off-device — a privacy/data-exfiltration consideration, not an incoherence.
Install Mechanism
Install options are npm/uv/go for a CLI named mineru-open-api (including a GitHub go package). These are reasonable distribution channels. The README also offers a direct-download fallback from mineru.net; downloading executables from a vendor site has higher risk than using a well-known package registry, so verify source/trustworthiness if using that fallback.
Credentials
No environment variables or credentials are requested, which aligns with SKILL.md's explicit statement that no API key or signup is required. The lack of secrets is proportionate to the described 'flash-extract' use-case.
Persistence & Privilege
The skill is not forced-always and does not request elevated or persistent platform privileges. It does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill legitimately runs the mineru-open-api CLI to upload and convert Office files to Markdown. Before installing or using it, consider: (1) Privacy — flash-extract uploads your documents to MinerU's cloud without authentication; do not send sensitive or confidential files unless you trust the service and have reviewed its privacy policy. (2) Source trust — prefer installing via trusted package managers (npm or go) and, if using a direct download, verify checksums and the vendor site (mineru.net). (3) Alternative if you need offline processing — use local converters (pandoc, LibreOffice/unoconv) to avoid sending documents to an external service. If you want more assurance, inspect the mineru-open-api source code or run the CLI in an isolated environment before using it with real documents.
Like a lobster shell, security has layers — review code before you run it.
latest vk97eyp9fqbg5b4wdte1tr818z583ge9z
Runtime requirements
📑 Clawdis
Bins: mineru-open-api
Install
Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via uv
Bins: mineru-open-api
uv tool install mineru-open-api
Install via go install
Bins: mineru-open-api
