ClawHub

Word2md

v1.0.0

Document to Markdown converter - convert DOCX, PPTX, Excel files to Markdown. Use when extracting content from Word documents, PowerPoint presentations, or E...

0· 86·0 current·0 all-time
by@tanis90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (convert DOCX/PPTX/XLSX to Markdown) matches the required binary (mineru-open-api) and the instructions. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
Instructions stay within the stated purpose but explicitly direct the agent to upload documents (local files or URL) to MinerU's cloud API (flash-extract). This is expected for a cloud-based conversion service but is important privacy-relevant behavior to be aware of.
Install Mechanism
Installers are via common package ecosystems (npm, go) and create a mineru-open-api binary. These are typical install mechanisms; the SKILL.md also points to the vendor homepage for downloads. No direct arbitrary URL downloads or extract-from-unknown-host steps are present in the declared install specs.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md states no API key is required for flash-extract, and authentication is only mentioned for the higher-privilege 'extract' mode—this matches the declared requirements.
Persistence & Privilege
The skill is not always-included and does not request elevated persistence or cross-skill/system configuration changes. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill appears to do what it says: it runs a mineru-open-api CLI which uploads documents to MinerU's cloud for conversion. Before installing, consider: (1) privacy — documents (including any sensitive content) will be uploaded to an external service without an account or API key for the 'flash-extract' flow; review MinerU's privacy policy and terms; (2) verify the mineru-open-api package sources (npm package name and the GitHub repo) and confirm you trust them before installing binaries; (3) if documents are sensitive, prefer a local conversion tool (e.g., pandoc, python libraries) or test with non-sensitive files first; (4) you can run mineru-open-api --help in a sandbox to inspect behavior. Overall the skill is coherent, but treat document uploads as a privacy decision.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b3p233c5s9cysemwcz83np583kh9c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📑 Clawdis
Binsmineru-open-api

Install

Install via npm
Bins: mineru-open-api
npm i -g mineru-open-api
Install via uv
Bins: mineru-open-api
uv tool install mineru-open-api
Install via go install
Bins: mineru-open-api

Comments