Scan Report
0 /100
pdf-to-html
Convert PDF documents to HTML using MinerU. Transforms PDF files into web-ready HTML with structure and formatting preserved.
This is a thin wrapper skill containing only documentation for a legitimate open-source CLI tool (mineru-open-api). No executable code, scripts, or dependencies are present, and the only network access is via the documented CLI tool that users install separately.
Safe to install
This skill is safe to use. The SKILL.md is purely documentation for an open-source MinerU CLI tool published by Shanghai AI Lab. No code is executed; the agent simply passes commands to the installed mineru-open-api binary.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in SKILL.md; filesystem access is handled by the user-install… |
| Network | READ | READ | ✓ Aligned | SKILL.md documents URL input support ('From URL' example); this is explicitly de… |
| Shell | NONE | NONE | — | SKILL.md documents CLI commands but does not execute them; execution is delegate… |
| Environment | READ | READ | ✓ Aligned | SKILL.md line 36: 'export MINERU_TOKEN="your-token"' — token env var declared an… |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 File Tree
1 files · 2.7 KB · 57 lines Markdown 1f · 57L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code — skill consists only of documentation
✓ No dependencies or package files that could contain malicious code
✓ Uses a well-known open-source project (MinerU by OpenDataLab/Shanghai AI Lab)
✓ All functionality is explicitly declared in SKILL.md
✓ Token-based authentication is standard practice for API services
✓ CLI tool installation paths (npm, go) are standard and auditable
✓ No hidden instructions, encoded payloads, or suspicious patterns
✓ Source repository (github.com/opendatalab/MinerU) is publicly verifiable