Scan Report
0 /100
html-extract
Extract content from HTML pages and files using MinerU, converting to clean Markdown
The html-extract skill is a well-documented wrapper for the legitimate open-source MinerU tool that converts HTML to Markdown. No malicious behavior detected.
Safe to install
This skill is safe to use. Ensure MINERU_TOKEN is stored securely and not logged or exposed.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:15 - Runs mineru-open-api CLI commands |
| Network | READ | READ | ✓ Aligned | SKILL.md:15 - Extracts from remote URLs via mineru-open-api |
| Filesystem | READ,WRITE | READ,WRITE | ✓ Aligned | SKILL.md:13 - Reads local HTML files, writes output to -o directory |
| Environment | READ | READ | ✓ Aligned | SKILL.md:19 - Uses MINERU_TOKEN environment variable |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:45 File Tree
1 files · 3.0 KB · 59 lines Markdown 1f · 59L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
mineru-open-api | * | npm or go | No | CLI tool installed via npm or go install, versions not pinned in SKILL.md |
Security Positives
✓ Well-documented skill with clear purpose and usage
✓ Uses open-source tool (MinerU by OpenDataLab/Shanghai AI Lab)
✓ All shell commands are explicitly documented
✓ Authentication token required but not harvested or exfiltrated
✓ Standard npm/go installation methods used
✓ No base64, eval, or obfuscated code patterns
✓ No sensitive path access (~/.ssh, ~/.aws, etc.)
✓ No data exfiltration or credential theft
✓ Output paths are user-controlled via -o flag