ClawHub

Image To Markdown

v1.0.0

Image to Markdown - extract text from images (PNG, JPG, WebP) to Markdown with OCR. Use when reading text from screenshots, photos, scanned pages, or any ima...

0· 73·0 current·0 all-time
by@tanis90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md tells the agent to run mineru-open-api flash-extract on local files or URLs. Required binary (mineru-open-api) and install options (npm/uv/go) are proportionate to an OCR/CLI wrapper skill.
Instruction Scope
Instructions are narrowly scoped to running mineru-open-api for OCR. They explicitly allow uploading images (local file or URL) to MinerU's cloud API. The doc asserts 'no account / no API key' and 'images are not stored after extraction' — those are privacy-relevant claims the agent will follow but cannot verify. Also the skill requires you to pass image paths/URLs, which means the binary will read local files and send them to a remote endpoint.
Install Mechanism
Install options are via npm, uv, or go install (public package names / GitHub path are provided). These are standard but install arbitrary third‑party code on the host. The SKILL.md also directs users to mineru.net for a manual download if installs fail — fetching a binary from an external site has higher risk and should be verified.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system access beyond what a CLI OCR tool needs.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request permanent presence or modify other skills/configurations.
Assessment
This skill appears to do what it claims (OCR -> Markdown) but it depends on a third-party CLI (mineru-open-api) that will read images you give it and upload them to MinerU's cloud. Before installing or using it: 1) Do not send sensitive or private images until you verify MinerU's privacy/storage policy and trustworthiness of the npm/go package or the downloadable binary. 2) Vet the package source: check the npm package owner, the GitHub repo (opendatalab/MinerU-Ecosystem), package contents, and recent releases for suspicious code. 3) Prefer testing with non-sensitive images first. 4) If you require guaranteed local-only OCR, use a well-known local OCR tool instead. 5) Note the SKILL.md's claim that images are not stored is unverifiable from the skill alone — treat it as a claim, not a guarantee.

Like a lobster shell, security has layers — review code before you run it.

latestvk9716y1d22a68km5qsj8khnrms83hmpz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
Binsmineru-open-api

Install

Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via uv
Bins: mineru-open-api
uv tool install mineru-open-api
Install via go install
Bins: mineru-open-api

Comments