Skill v0.2.0
ClawScan security
PDF to Text · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 6, 2026, 1:13 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are coherent with its stated purpose (using the mineru-open-api CLI to convert PDFs to text); it is instruction-only and does not request unrelated credentials or system access.
- Guidance: This skill is coherent: it tells the agent to use the mineru-open-api CLI to extract text from PDFs. Before installing or running it, do the following: (1) inspect the mineru-open-api package on npm (publisher, download counts, source repo) to ensure it's trustworthy; (2) be aware `npm install -g` writes global binaries and may run install scripts—prefer a sandbox or local install (no -g) if you want to be cautious; (3) check MinerU's privacy/terms because using OCR/batch likely uploads document contents to mineru.net (sensitive documents may be exposed); (4) confirm how the MinerU token is stored by the CLI (env var vs config file) before supplying credentials; (5) test with non-sensitive PDFs first. If any of these checks raise concerns (no source repo, questionable publisher, or unclear token handling), do not install or run the CLI.
Review Dimensions
- Purpose & Capability (ok): The name/description (PDF to Text via MinerU) match the SKILL.md: all runtime steps call the mineru-open-api CLI to extract text/OCR. There are no requests for unrelated cloud credentials, config paths, or unrelated binaries.
- Instruction Scope (ok): Runtime instructions are limited to installing and running mineru-open-api, checking file sizes, and writing output directories. They operate on user-supplied PDF files and do not instruct the agent to read unrelated system files, exfiltrate data, or call unexpected external endpoints beyond the MinerU service referenced.
- Install Mechanism (note): There is no formal install spec in registry metadata; the SKILL.md instructs users to run `npm install -g mineru-open-api`. Installing a global npm package is a reasonable way to get a CLI but carries the usual npm risks (postinstall scripts, privilege elevation to write global binaries). Recommend reviewing the mineru-open-api npm package and its maintainer before running global install.
- Credentials (note): The skill declares no required environment variables or credentials, which is consistent with 'flash-extract' being tokenless for small files. SKILL.md does mention that OCR/batch modes require configuring a MinerU token (link provided). The skill does not declare how that token is provided (env var, config file, or interactive login), so users should verify how the CLI stores/reads tokens before providing sensitive credentials.
- Persistence & Privilege (ok): The skill is instruction-only and not always-enabled. It does not request system-wide persistent privileges or modify other skills' configs. Agent autonomous invocation is allowed (platform default) but not exceptional here.
