Scan Report
5 /100
doc-ocr
OCR for Word documents (.docx) containing scanned pages or image-embedded content using MinerU
A legitimate, well-documented OCR skill using MinerU CLI tool with no hidden functionality or suspicious behavior.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:22 - npm install; SKILL.md:24 - go install |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:28 - mineru-open-api extract report.docx reads .docx file |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:29 - -o ./out/ writes output to directory |
| Network | READ | READ | ✓ Aligned | SKILL.md:30 - calls mineru.net API with MINERU_TOKEN |
| Environment | READ | READ | ✓ Aligned | SKILL.md:36 - exports MINERU_TOKEN environment variable |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:39 File Tree
1 files · 3.1 KB · 55 lines Markdown 1f · 55L
└─
SKILL.md
Markdown
Security Positives
✓ Well-documented SKILL.md with clear purpose and usage examples
✓ Metadata correctly declares required binary (mineru-open-api) and environment variable (MINERU_TOKEN)
✓ No hidden functionality - all operations are documented
✓ No credential harvesting or exfiltration beyond legitimate API authentication
✓ No shell command injection vectors detected
✓ Uses established, open-source tool (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No suspicious patterns: no base64, no eval(), no curl|bash, no hidden IP addresses
✓ Clean code with no obfuscation