html-extract 安全扫描报告 — 可信 | ClawSafe

0 /100

html-extract

Extract content from HTML pages and files using MinerU, converting to clean Markdown

The html-extract skill is a well-documented wrapper for the legitimate open-source MinerU tool that converts HTML to Markdown. No malicious behavior detected.

技能名称html-extract

分析耗时28.5s

引擎pi

✓

可以安装

This skill is safe to use. Ensure MINERU_TOKEN is stored securely and not logged or exposed.

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:15 - Runs mineru-open-api CLI commands
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:15 - Extracts from remote URLs via mineru-open-api
文件系统	`READ,WRITE`	`READ,WRITE`	✓ 一致	SKILL.md:13 - Reads local HTML files, writes output to -o directory
环境变量	`READ`	`READ`	✓ 一致	SKILL.md:19 - Uses MINERU_TOKEN environment variable

2 项发现

🔗

中危外部 URL 外部 URL

https://mineru.net

SKILL.md:4

🔗

中危外部 URL 外部 URL

https://mineru.net/apiManage/token

SKILL.md:45

目录结构

1 文件 · 3.0 KB · 59 行

Markdown 1f · 59L

└─ 📝 SKILL.md Markdown 59L · 3.0 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`mineru-open-api`	`*`	npm or go	否	CLI tool installed via npm or go install, versions not pinned in SKILL.md

安全亮点

✓ Well-documented skill with clear purpose and usage

✓ Uses open-source tool (MinerU by OpenDataLab/Shanghai AI Lab)

✓ All shell commands are explicitly documented

✓ Authentication token required but not harvested or exfiltrated

✓ Standard npm/go installation methods used

✓ No base64, eval, or obfuscated code patterns

✓ No sensitive path access (~/.ssh, ~/.aws, etc.)

✓ No data exfiltration or credential theft

✓ Output paths are user-controlled via -o flag