扫描报告
5 /100
doc-extract
Extract text and content from Word documents (.doc, .docx) to Markdown using MinerU
Documentation-only skill that describes how to use the legitimate open-source MinerU CLI tool for Word document extraction. No executable code is bundled; all behavior is declared in SKILL.md.
可以安装
This skill is safe to use. Security depends on the external mineru-open-api CLI tool (installed separately via npm or go install). Ensure the CLI tool itself is from a trusted source and has not been tampered with.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md: Reads .doc/.docx input files |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: Runs mineru-open-api CLI commands |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md: Supports URL input for document extraction |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md: Reads MINERU_TOKEN env var for authentication |
2 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:45 目录结构
1 文件 · 3.1 KB · 60 行 Markdown 1f · 60L
└─
SKILL.md
Markdown
安全亮点
✓ No executable code bundled - skill is documentation only
✓ All capabilities declared in SKILL.md
✓ Uses well-known open-source project (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No credential harvesting or data exfiltration
✓ No base64, eval, or obfuscation techniques
✓ No sensitive path access (~/.ssh, ~/.aws, etc.)
✓ External URLs are legitimate (mineru.net for token management)
✓ Published on npm and go with verifiable sources