Scan Report
0 /100
html-analysis
Analyze the structure and content of HTML documents using MinerU. Returns structured Markdown with layout information, headings, and content hierarchy preserved.
This is a pure documentation skill for a legitimate open-source HTML analysis tool (MinerU). No executable code, no suspicious patterns, no credential harvesting, and no hidden functionality.
Safe to install
This skill is safe to use. It merely provides documentation for the MinerU CLI tool. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md - No filesystem access described |
| Network | READ | READ | ✓ Aligned | SKILL.md:29-30 - Uses mineru-open-api for remote URL analysis |
| Shell | NONE | NONE | — | SKILL.md - No shell execution; only documents CLI tool usage |
| Environment | READ | READ | ✓ Aligned | SKILL.md:39 - Requires MINERU_TOKEN environment variable |
| Skill Invoke | NONE | NONE | — | SKILL.md - No skill-to-skill invocations |
| Clipboard | NONE | NONE | — | SKILL.md - No clipboard access |
| Browser | NONE | NONE | — | SKILL.md - No browser automation |
| Database | NONE | NONE | — | SKILL.md - No database access |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 File Tree
1 files · 3.0 KB · 57 lines Markdown 1f · 57L
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code
✓ References legitimate open-source tool (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No credential harvesting beyond MINERU_TOKEN which is for service authentication
✓ No base64/eval patterns or suspicious encoding
✓ No hidden instructions in comments
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No external data exfiltration
✓ No curl|bash or remote script execution
✓ Token is used only for MinerU API authentication, not exfiltrated