Scan Report
5 /100
extract-formulas-from-pdf
Extract mathematical formulas and equations from PDF documents using MinerU
This is a straightforward skill wrapping the legitimate MinerU open-source PDF formula extraction tool. All capabilities, dependencies, and authentication requirements are clearly declared in SKILL.md with no hidden functionality.
Safe to install
This skill is safe to use. The only requirements are a valid MINERU_TOKEN for API authentication, which is standard for cloud-based document intelligence services.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Info | External API dependencies | SKILL.md:4 |
| Info | API token requirement | SKILL.md:40 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md uses mineru-open-api CLI which calls mineru.net API |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md reads PDF files as input, writes to -o output directory |
| Environment | READ | READ | ✓ Aligned | SKILL.md requires MINERU_TOKEN environment variable |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md documents npm install and go install commands |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:39 File Tree
1 files · 2.9 KB · 55 lines Markdown 1f · 55L
└─
SKILL.md
Markdown
Security Positives
✓ All functionality clearly documented in SKILL.md
✓ No shell execution beyond documented CLI tool installation
✓ No credential harvesting beyond required API token
✓ No base64, eval, or obfuscated code patterns
✓ No hidden instructions in comments or documentation
✓ Legitimate open-source project (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env probing)
✓ No network exfiltration or suspicious external communications