扫描报告
5 /100
doc-ocr
OCR for Word documents (.docx) containing scanned pages or image-embedded content using MinerU
A legitimate, well-documented OCR skill using MinerU CLI tool with no hidden functionality or suspicious behavior.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:22 - npm install; SKILL.md:24 - go install |
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md:28 - mineru-open-api extract report.docx reads .docx file |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md:29 - -o ./out/ writes output to directory |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:30 - calls mineru.net API with MINERU_TOKEN |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md:36 - exports MINERU_TOKEN environment variable |
2 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:39 目录结构
1 文件 · 3.1 KB · 55 行 Markdown 1f · 55L
└─
SKILL.md
Markdown
安全亮点
✓ Well-documented SKILL.md with clear purpose and usage examples
✓ Metadata correctly declares required binary (mineru-open-api) and environment variable (MINERU_TOKEN)
✓ No hidden functionality - all operations are documented
✓ No credential harvesting or exfiltration beyond legitimate API authentication
✓ No shell command injection vectors detected
✓ Uses established, open-source tool (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No suspicious patterns: no base64, no eval(), no curl|bash, no hidden IP addresses
✓ Clean code with no obfuscation