Skill v0.2.0

ClawScan security

Word OCR · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 6, 2026, 1:11 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions claim to use the mineru-open-api CLI for Word OCR (which is coherent), but the package's metadata omits required binaries/credentials and there is no homepage/source listed — this mismatch and the implicit npm global install raise transparency and provenance concerns.
Guidance
This skill appears to do what it says (OCR Word docs via mineru-open-api) but the registry metadata is missing provenance and required-dependency declarations. Before installing, verify the mineru-open-api package on npm (check publisher, download counts, repository, and source code). Confirm the mineru.net token workflow and how the CLI expects the token (env var, config file, or interactive). Prefer installing/testing the package in an isolated environment (container or VM) rather than globally on your main system. Avoid supplying sensitive credentials until you confirm the package origin and how tokens are stored/used. If you can't verify the package/source, treat this as untrusted and do not install globally.

Review Dimensions

Purpose & Capability
Concern: The skill's stated purpose (OCR Word docs via mineru-open-api) aligns with the instructions, but the registry metadata lists no required binaries or credentials while the SKILL.md explicitly instructs installing an npm CLI (npm install -g mineru-open-api). The absence of a declared dependency on npm/node or the mineru CLI in the metadata is an incoherence and reduces transparency. The registry entry also provides no homepage/source to verify the package.
Instruction Scope
Note: The SKILL.md stays on-topic (commands only target OCR of .doc/.docx). It instructs installing a global npm package and running mineru-open-api commands that read user-supplied Word files and write output to ~/MinerU-Skill/<name>_<hash>/. There are no instructions that access unrelated system paths or exfiltrate data, but the default output path and global install are operational details users should be aware of.
Install Mechanism
Concern: There is no install spec in the registry, but the instructions require a global npm install. Installing an npm package globally executes third-party code on the host; without a homepage/source or provenance info this is higher-risk. If the mineru-open-api package on npm is legitimate and trusted this is typical, but the lack of source links in the skill metadata is a transparency gap.
Credentials
Concern: The SKILL.md says advanced/precision OCR requires a token and links to mineru.net for token management, but the skill metadata declares no required environment variables or primary credential. It's unclear how the token is provided to the CLI (env var, config file, interactive input), which is an omission that affects whether credentials may be stored or transmitted insecurely.
Persistence & Privilege
OK: The skill does not request persistent/always-on privileges and is user-invocable only. It doesn't instruct changes to other skills or global agent settings. No elevated platform privileges are requested.