ClawHub

Pic2md

v1.0.0

Image to Markdown - extract text from images (PNG, JPG, WebP) to Markdown with OCR. Use when reading text from screenshots, photos, scanned pages, or any ima...

0· 108·0 current·0 all-time
by@tanis90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description: image→Markdown OCR. Required binary: mineru-open-api. Install entries (npm/uv/go) produce the mineru-open-api binary. All requested artifacts map to the stated purpose; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run mineru-open-api flash-extract against local files or URLs. This is within the OCR scope, but the CLI uploads images to MinerU's cloud API — so user data (images) will be transmitted off-host. The instructions do not ask the agent to read unrelated files, environment variables, or other system state.
Install Mechanism
Install spec uses public package ecosystems (npm, uv, go install) to install mineru-open-api, which is a normal/traceable mechanism but still carries the usual supply-chain risks (npm/go packages are third-party code). No direct download-from-random-URL or archive extraction is specified.
Credentials
No environment variables, credentials, or config paths are requested. The lack of secrets is proportionate to the stated functionality. The SKILL.md claims no API key or auth is required.
Persistence & Privilege
Skill is not always-enabled and does not request elevated persistence. There is no instruction to modify other skills or system-wide settings. The skill does rely on an external CLI binary being present.
Assessment
This skill appears coherent for doing OCR via the MinerU CLI, but it uploads images to MinerU's cloud for processing. Before installing or using it: 1) Do not send sensitive or confidential images unless you trust mineru.net's privacy policy and retention practices. 2) Verify the mineru-open-api package source (npm/Go repo) and publisher identity; prefer official releases and check repository/maintainer information on the homepage https://mineru.net. 3) Install and run the CLI initially in an isolated environment (container/VM) to inspect behavior and network traffic. 4) If you need on-device/offline OCR for sensitive data, consider local OCR tools (e.g., Tesseract) instead. 5) If you want additional assurance, ask the skill author for checksums or signed releases and review the mineru-open-api repository code before trusting it.

Like a lobster shell, security has layers — review code before you run it.

latestvk975vtw5sbjdp1r5fxqb1zw8m183h5mr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
Binsmineru-open-api

Install

Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via uv
Bins: mineru-open-api
uv tool install mineru-open-api
Install via go install
Bins: mineru-open-api

Comments