ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI PDF Converter

v0.2.0

AI-powered PDF converter using MinerU API. Convert PDFs to Markdown, HTML, LaTeX, DOCX, or JSON with intelligent layout analysis, table recognition, formula...

0· 106·0 current·0 all-time
by@veeicwgy

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for veeicwgy/ai-pdf-converter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "AI PDF Converter" (veeicwgy/ai-pdf-converter) from ClawHub.
Skill page: https://clawhub.ai/veeicwgy/ai-pdf-converter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ai-pdf-converter

ClawHub CLI

Package manager switcher

npx clawhub@latest install ai-pdf-converter
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the SKILL.md instructions: it instructs use of a mineru-open-api CLI to convert PDFs into multiple formats. Requiring the mineru-open-api tool is coherent with the claimed purpose. Minor note: the skill does not declare any credentials or config even though advanced 'extract' actions likely require MinerU API access.
!
Instruction Scope
Instructions tell the agent to run mineru-open-api commands on local PDF files and to write outputs to ~/MinerU-Skill/<name>_<hash>/. They imply sending documents to MinerU (remote service) but do not explicitly state that files are uploaded, how long they are retained, or how to provide/secure API credentials. For sensitive documents, automatic upload to an external API is a privacy risk and should be called out. The workflow also recommends npm -g installation without guidance on sandboxing or verifying the package source.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md tells users to run npm install -g mineru-open-api. Asking users to install an npm package is reasonable for a CLI-based skill, but the package and its publisher are not referenced (no homepage or source). Installing an unverified global npm package is a moderate risk; the skill does not provide provenance or verification steps.
!
Credentials
Registry metadata declares no required env vars or primary credential, yet SKILL.md distinguishes between 'flash-extract (no token)' and other extract modes (precision, VLM) that likely require an API token or key. The absence of any declared credential is a mismatch. The skill may require MinerU credentials or other config (API key, endpoint) but gives no instructions for how to set or protect them.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not modify other skills or system settings. It only writes outputs to a directory under the user's home by default, which is a typical behavior for a conversion tool.
What to consider before installing
Before installing or using this skill: (1) Expect that conversion (except 'flash-extract') will upload PDFs to MinerU servers—do not use it on sensitive documents unless you accept that and have checked MinerU's privacy/retention policy. (2) Verify the npm package 'mineru-open-api' on the npm registry: check the publisher, repository, and recent activity; inspect package source before a global install. (3) Ask the skill author (or vendor site) whether and how API keys are required and where they should be stored (env vars, config file); do not pass secrets into an unverified tool. (4) Prefer running the CLI in a sandbox or disposable container and monitor network traffic if you must test it. If you want, provide the mineru-open-api package URL or the MinerU docs and I can re-evaluate with that context.

Like a lobster shell, security has layers — review code before you run it.

latestvk97de4te7yh848mkaq6aafafrh84brvb
106downloads
0stars
2versions
Updated 3w ago
v0.2.0
MIT-0
@veeicwgy
latest
Download

AI PDF Converter with mineru-open-api

You are an AI PDF conversion specialist. Convert PDFs to any format using mineru-open-api.

Installation

npm install -g mineru-open-api

Conversion Workflow

  1. Quick Markdown (no token):

    mineru-open-api flash-extract document.pdf -o ./output/

  2. Multi-format conversion:

    mineru-open-api extract document.pdf -f md,html,latex,docx -o ./output/

  3. AI-enhanced conversion (VLM):

    mineru-open-api extract complex.pdf -f html --model vlm -o ./output/

  4. Batch conversion:

    mineru-open-api extract *.pdf -f html -o ./results/

Output Formats

Formatflash-extractextract
MarkdownYesYes
HTMLNoYes
LaTeXNoYes
DOCXNoYes
JSONNoYes

Key Rules

  • Default to flash-extract for simple Markdown conversion under 10MB/20 pages
  • Use extract for HTML, LaTeX, DOCX, JSON, or complex documents
  • --model vlm for best accuracy on complex layouts
  • --model pipeline for reliability (no hallucination)
  • Generate default output dir: ~/MinerU-Skill/<name>_<hash>/

Comments

Loading comments...