Xlsx To Markdown

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent document-to-Markdown skill, but it installs an external MinerU CLI and sends documents to MinerU’s cloud for conversion.

This skill appears safe for its intended purpose if you trust MinerU’s CLI and cloud processing. Before installing, be aware that converted documents may be uploaded to MinerU, and avoid using it for sensitive files unless that is acceptable.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Documents converted with this skill may leave your computer and be processed by MinerU’s cloud service.

Why it was flagged

The skill explicitly sends document contents to an external cloud provider, which is expected for this converter but important for privacy-sensitive files.

Skill content

`flash-extract` uploads the document to MinerU's cloud API for processing and returns the result.

Recommendation

Use it only for documents you are comfortable sending to MinerU, and review MinerU’s privacy terms before processing confidential or regulated files.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the skill adds a third-party command-line tool to the environment.

Why it was flagged

The skill depends on installing a third-party CLI package rather than containing reviewed code in the artifact set.

Skill content

node | package: mineru-open-api; uv | package: mineru-open-api; go | package: github.com/opendatalab/MinerU-Ecosystem/cli/mineru-open-api

Recommendation

Install from the official MinerU sources or trusted package registries, and verify the package before use.

ASI01: Agent Goal Hijack
Info
What this means

The agent may prefer the skill’s same-language rule even when a different response language is requested.

Why it was flagged

This is a strong instruction about agent response behavior that is not central to file conversion and could conflict with explicit user language instructions.

Skill content

You MUST reply to the user in the SAME language they use. This is non-negotiable.

Recommendation

Treat this as a low-impact formatting instruction and do not let it override explicit user or platform instructions.

ASI03: Identity and Privilege Abuse
Low
What this means

Using the larger-file mode may require logging into MinerU and granting the CLI account access.

Why it was flagged

The main workflow requires no credentials, but the skill documents an optional authenticated mode for larger or more precise extraction.

Skill content

For larger files (up to 200MB/600 pages) or precision extraction, use `mineru-open-api extract` (requires auth via `mineru-open-api auth`)

Recommendation

Only authenticate if you need the larger-file workflow, and understand what account permissions and credential storage the CLI uses.