ClawHub

Word to HTML

v0.2.0

Convert Word documents (.docx, .doc) to clean HTML using the MinerU API. This skill uses mineru-open-api CLI to extract content from Word files and output st...

0· 30·0 current·0 all-time
by@veeicwgy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Word → HTML via MinerU) matches the SKILL.md: it installs and calls mineru-open-api CLI to run flash-extract or extract and produce HTML. Required capabilities (CLI usage, optional token for full extract) are coherent with the documented functionality.
Instruction Scope
Runtime instructions stay within the conversion task: install the CLI, run flash-extract or extract, write output to a per-skill output directory, and guide the user to authenticate only when needed. The skill does not instruct reading unrelated system files, enumerating credentials, or exfiltrating data to unexpected endpoints.
Install Mechanism
Installation is an npm global install (npm install -g mineru-open-api) described in SKILL.md. This is an expected distribution method for a CLI but carries the usual moderate risk of installing third‑party code from the public registry; the registry metadata does not include an automated install spec but the instructions clearly require installing the npm package.
Credentials
The skill declares no required env vars or primary credential. The instructions, however, state that a token is needed for full/exact 'extract' runs and point users to run 'mineru-open-api auth' or obtain a token from mineru.net. Not requesting an env var is reasonable because authentication is handled via the CLI, but users should be aware a networked auth token may be used by the CLI.
Persistence & Privilege
always: false and there is no install-time modification of other skills or system-wide agent configuration. The skill will create output directories under the user's home and expects a globally installed CLI; otherwise it does not request elevated or persistent platform privileges.
Assessment
This skill appears internally consistent, but before installing: (1) verify the mineru-open-api npm package and its publisher (check the npm page, repository, and MinerU website) to reduce supply-chain risk; (2) avoid sending highly sensitive documents to third-party cloud services unless you trust their privacy policy — use an offline converter if confidentiality is required; (3) when you run 'mineru-open-api auth', confirm what token scope and storage mechanism the CLI uses (it may store tokens locally); (4) consider installing the CLI in an isolated environment or reviewing its source code if you need higher assurance; and (5) if you prefer not to install global npm packages, run the package in a temporary environment or container.

Like a lobster shell, security has layers — review code before you run it.

cleanvk971dmeesact9gew0264dbspyd84b00ycmsvk971dmeesact9gew0264dbspyd84b00yconvertvk971dmeesact9gew0264dbspyd84b00ydocxvk971dmeesact9gew0264dbspyd84b00yemailvk971dmeesact9gew0264dbspyd84b00yhtmlvk971dmeesact9gew0264dbspyd84b00ylatestvk97dsfg8x2wzz0fqg9x6ezz0ts84bkx8mineruvk971dmeesact9gew0264dbspyd84b00yofficevk971dmeesact9gew0264dbspyd84b00ypublishvk971dmeesact9gew0264dbspyd84b00ysemanticvk971dmeesact9gew0264dbspyd84b00ywebvk971dmeesact9gew0264dbspyd84b00ywordvk971dmeesact9gew0264dbspyd84b00y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments