Scan Report
0 /100
doc-analysis
Analyze the structure, layout, and content of Word documents (.doc, .docx) using MinerU. Returns structured Markdown with headings, paragraphs, tables, and layout information preserved.
The skill is a pure documentation wrapper for the mineru-open-api CLI tool, with no implementation files, scripts, or hidden functionality — all declared capabilities are appropriate for document analysis.
Safe to install
This skill is safe to use. No further security action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:27 — mineru-open-api extract report.docx reads local .doc/.docx files |
| Network | READ | READ | ✓ Aligned | SKILL.md:28 — 'local file or URL' supported; mineru-open-api POSTs to https://mi… |
| Environment | READ | READ | ✓ Aligned | SKILL.md:4 — metadata.requires.env=['MINERU_TOKEN']; SKILL.md:38 — export MINERU… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:30 — mineru-open-api extract ... -o ./out/ writes output files |
| Skill Invoke | NONE | NONE | — | No nested skill invocation declared or observed |
| Clipboard | NONE | NONE | — | No clipboard access mentioned |
| Browser | NONE | NONE | — | No browser access mentioned |
| Database | NONE | NONE | — | No database access mentioned |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 File Tree
1 files · 3.1 KB · 57 lines Markdown 1f · 57L
└─
SKILL.md
Markdown
Security Positives
✓ Only one file exists (SKILL.md) — no hidden scripts or binaries
✓ All capabilities (filesystem:READ, network:READ, shell:WRITE, environment:READ) are fully declared and appropriate for document analysis
✓ No credential harvesting beyond the legitimate MINERU_TOKEN for API authentication
✓ No base64, eval, curl|bash, or other high-risk patterns present
✓ Skill is a thin documentation wrapper for a known open-source tool (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No sensitive paths (.ssh, .aws, .env) are accessed
✓ Token management is standard CLI pattern (auth command or env var) — not exfiltrated