ClawHub

Img2md

v1.0.0

Image to Markdown - extract text from images (PNG, JPG, WebP) to Markdown with OCR. Use when reading text from screenshots, photos, scanned pages, or any ima...

0· 87·0 current·0 all-time
by@tanis90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (image → Markdown OCR) matches the declared binary dependency (mineru-open-api) and the SKILL.md commands (mineru-open-api flash-extract). No unrelated credentials, tools, or config paths are requested.
Instruction Scope
SKILL.md only instructs using the mineru-open-api CLI on local files or URLs and to return OCR output in the user's language. It explicitly states images are uploaded to MinerU's cloud for processing, which is consistent with the stated purpose but does mean user images are transmitted off-host.
Install Mechanism
Installation options are npm/uv/go installs of a mineru-open-api CLI or manual download from mineru.net. These are common distribution channels; no obscure shorteners or raw binary downloads are used. Installing will place a third-party CLI on the system and allow execution of that binary—verify trust in the package/source before installing.
Credentials
The skill requests no environment variables, credentials, or config paths. The SKILL.md mentions optional auth for advanced usage but does not require secrets for the basic flash-extract flow, which is proportionate to its function.
Persistence & Privilege
always is false and there is no attempt to modify system/agent-wide config. The skill does require installing a CLI binary but does not demand persistent elevated privileges in its metadata.
Assessment
This skill is internally consistent: it runs a third-party CLI (mineru-open-api) to OCR images and uploads images to MinerU's cloud for processing. Before installing or using it, consider: (1) Privacy — images (including screenshots or photos with sensitive content) will be transmitted to an external service; avoid sending sensitive images unless you trust MinerU's policy. (2) Trust the CLI package — review the npm package and the GitHub repo (the go install target) or inspectorily inspect the installer before installing to ensure it is legitimate. (3) Runtime autonomy — the skill can be invoked by the agent by default; if you want to prevent unexpected uploads, restrict agent autonomy or only invoke the skill manually. (4) For batch or higher-precision workflows the SKILL.md mentions auth is available; treat any credentials you supply to that CLI as sensitive. If you want more assurance, request the upstream package source code or a checksum for the distributed binary before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a6s0hrtfz9mzh6r81qybxwd83gqy5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
Binsmineru-open-api

Install

Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via uv
Bins: mineru-open-api
uv tool install mineru-open-api
Install via go install
Bins: mineru-open-api

Comments