ClawHub

Excel To Markdown

v1.0.0

Document to Markdown converter - convert DOCX, PPTX, Excel files to Markdown. Use when extracting content from Word documents, PowerPoint presentations, or E...

0· 91·0 current·0 all-time
by@tanis90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the skill invokes the mineru-open-api CLI to convert DOCX/PPTX/XLSX to Markdown. Requiring the mineru-open-api binary and offering npm/uv/go install options is coherent with that purpose.
Instruction Scope
SKILL.md only instructs use of the mineru-open-api CLI (flash-extract) against local files or URLs. That stays within the declared purpose, but the CLI uploads documents to MinerU's cloud for processing (stated in the doc) — this is expected for the feature but is an important privacy/attack-surface consideration (remote uploads, URL fetching/SSRF risk).
Install Mechanism
Install options are npm, uv, and go install from a GitHub repo. These are typical package-install mechanisms; none of the install specs point to an untrusted shortener or arbitrary binary download. The go package references a GitHub repo which is traceable via source control.
Credentials
The skill declares no required environment variables or credentials, which matches SKILL.md claims (flash-extract requires no API key). No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request always:true and has no special persistence or system-wide configuration changes. It is user-invocable and can be called autonomously by the agent (the platform default), which is expected for a conversion helper.
Assessment
This skill appears to do what it says: it runs the mineru-open-api CLI to upload and convert documents to Markdown. Before installing or using it, consider: (1) privacy — flash-extract uploads files to MinerU's cloud (verify mineru.net's privacy/storage policy if documents contain sensitive or confidential data); (2) supply-chain trust — prefer installing the CLI from known, verified package sources and check the npm/go package details and repository to ensure authenticity; (3) URL handling — be cautious about passing internal or private URLs (risk of server-side request forgery or exposing private data); (4) for very large or sensitive documents, prefer local/offline conversion tools or verify that the vendor offers guaranteed non-persistence. If you need, I can help locate the mineru-open-api npm package and GitHub repo to inspect release authenticity and source code.

Like a lobster shell, security has layers — review code before you run it.

latestvk9705zcsmezgg7q2t4qpeaac7983h262

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📑 Clawdis
Binsmineru-open-api

Install

Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via uv
Bins: mineru-open-api
uv tool install mineru-open-api
Install via go install
Bins: mineru-open-api

Comments