Scan Report
5 /100
doc-extract
Extract text and content from Word documents (.doc, .docx) to Markdown using MinerU
Documentation-only skill that describes how to use the legitimate open-source MinerU CLI tool for Word document extraction. No executable code is bundled; all behavior is declared in SKILL.md.
Safe to install
This skill is safe to use. Security depends on the external mineru-open-api CLI tool (installed separately via npm or go install). Ensure the CLI tool itself is from a trusted source and has not been tampered with.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md: Reads .doc/.docx input files |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: Runs mineru-open-api CLI commands |
| Network | READ | READ | ✓ Aligned | SKILL.md: Supports URL input for document extraction |
| Environment | READ | READ | ✓ Aligned | SKILL.md: Reads MINERU_TOKEN env var for authentication |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:45 File Tree
1 files · 3.1 KB · 60 lines Markdown 1f · 60L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code bundled - skill is documentation only
✓ All capabilities declared in SKILL.md
✓ Uses well-known open-source project (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No credential harvesting or data exfiltration
✓ No base64, eval, or obfuscation techniques
✓ No sensitive path access (~/.ssh, ~/.aws, etc.)
✓ External URLs are legitimate (mineru.net for token management)
✓ Published on npm and go with verifiable sources