v1.0.0

Pdf2md

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:13 AM.

Analysis

This skill is a coherent PDF-to-Markdown converter, but users should notice that selected PDFs are uploaded to MinerU’s external API for processing.

Guidance: This skill appears benign and purpose-aligned. Before installing or using it, be aware that it depends on the external mineru-open-api CLI and uploads chosen PDFs to MinerU for processing; avoid using it for confidential documents unless you are comfortable with that provider.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
"install":[{"id":"npm","kind":"node","package":"mineru-open-api"},{"id":"uv","kind":"uv","package":"mineru-open-api"},{"id":"go","kind":"go","package":"github.com/opendatalab/MinerU-Ecosystem/cli/mineru-open-api"}]

The skill relies on installing an external CLI package, and the artifact does not pin a version. This is common for CLI-based skills but means trust depends on the package source.

User impact: Installing the skill may install and run third-party CLI code from a package registry or Go source.
Recommendation: Install from the official source, verify the package identity, and prefer pinned or reviewed versions where possible.
Agent Goal Hijack
Severity: Info | Confidence: High | Status: Note
SKILL.md
You MUST reply to the user in the SAME language they use. This is non-negotiable.

This instruction affects the agent's response behavior beyond the core PDF conversion task. It is low impact, but could conflict with a user's explicit language preference.

User impact: The agent may answer in the same language as the user's prompt even if the user wanted another language.
Recommendation: Treat this as a style preference and continue to honor explicit user or system-level language instructions.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
For larger files (up to 200MB/600 pages) or precision extraction with full assets, use `mineru-open-api extract` (requires auth via `mineru-open-api auth`)

The main workflow requires no credentials, but the artifact documents an optional authenticated workflow for larger or more precise extraction.

User impact: If you choose the optional authenticated mode, the CLI may store or use MinerU account credentials.
Recommendation: Do not authenticate unless you need the larger-file workflow, and use minimal account privileges where possible.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`flash-extract` sends the document to the MinerU API (mineru.net) for processing and returns Markdown.

The artifact clearly discloses that PDF contents are sent to an external provider for processing, which is expected for this converter but can involve sensitive document data.

User impact: Private PDFs, reports, contracts, or other sensitive files may be uploaded to MinerU when the skill is used.
Recommendation: Use this only for documents you are comfortable sending to MinerU, and review MinerU's privacy and retention terms for sensitive files.