Word Parser
v0.2.0Parse and extract structured content from Word documents (.docx, .doc) using the MinerU API. This skill uses mineru-open-api CLI to parse Word files into str...
⭐ 0· 30·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the instructions: the SKILL.md tells the agent to install and run mineru-open-api to parse .doc/.docx files and output JSON/tables. No unrelated services or credentials are requested.
Instruction Scope
Instructions are narrowly scoped to installing the mineru-open-api CLI and running three parsing commands (flash-extract/extract). They do not instruct the agent to read unrelated system files or exfiltrate data. However, the SKILL.md states that a token is required for deep parsing but does not explain how the token is provided or stored (no env var or config path is declared).
Install Mechanism
Installation is via npm install -g mineru-open-api (public npm). This is a common mechanism but has moderate risk compared to no-install instruction-only skills: a global npm install writes binaries to the host. The skill provides no pinned version or provenance URL (homepage/source unknown), so verify the npm package and its publisher before running a global install.
Credentials
The skill declares no required environment variables, yet the instructions say a token is required for deep extracts. This is an inconsistency — the skill should document which credential (env var, config file, or CLI flag) is needed. Absence of declared credential handling makes it unclear how secrets are supplied or stored.
Persistence & Privilege
No always:true flag, no install scripts or system-wide config modifications are requested by the SKILL.md. The skill does direct output to ~/MinerU-Skill/<name>_<hash>/ by default, which is reasonable and limited to the user's home directory.
Assessment
Before installing or using this skill: 1) Verify the mineru-open-api npm package and its publisher on npmjs.org (check homepage, README, downloads, and source repo) to ensure you trust the code you will install globally. 2) Prefer a non-global install or run the CLI inside a disposable container/sandbox if you are unsure. 3) Confirm how the MinerU API token is obtained and supplied (which env var or config file); avoid putting secrets in world-readable files. 4) Test with non-sensitive documents first to confirm what data is transmitted to MinerU and whether the CLI uploads files to a remote service. 5) If you need tighter control, contact the publisher for docs or use an alternative tool with known provenance. If you can provide the mineru-open-api package link or information about how tokens are handled, I can reassess with higher confidence.Like a lobster shell, security has layers — review code before you run it.
analyzevk973apy5jpdh57tg6dj0at99p984brsccontentvk973apy5jpdh57tg6dj0at99p984brscdocvk973apy5jpdh57tg6dj0at99p984brscdocxvk973apy5jpdh57tg6dj0at99p984brscextractvk973apy5jpdh57tg6dj0at99p984brschierarchyvk973apy5jpdh57tg6dj0at99p984brsclatestvk9751a24mtx47k8p9pyjpscc2584axhqmineruvk973apy5jpdh57tg6dj0at99p984brscofficevk973apy5jpdh57tg6dj0at99p984brscparservk973apy5jpdh57tg6dj0at99p984brscsectionsvk973apy5jpdh57tg6dj0at99p984brscstructurevk973apy5jpdh57tg6dj0at99p984brscwordvk973apy5jpdh57tg6dj0at99p984brsc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.