扫描报告
5 /100
extract-formulas-from-pdf
Extract mathematical formulas and equations from PDF documents using MinerU
This is a straightforward skill wrapping the legitimate MinerU open-source PDF formula extraction tool. All capabilities, dependencies, and authentication requirements are clearly declared in SKILL.md with no hidden functionality.
可以安装
This skill is safe to use. The only requirements are a valid MINERU_TOKEN for API authentication, which is standard for cloud-based document intelligence services.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 提示 | External API dependencies | SKILL.md:4 |
| 提示 | API token requirement | SKILL.md:40 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md uses mineru-open-api CLI which calls mineru.net API |
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md reads PDF files as input, writes to -o output directory |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md requires MINERU_TOKEN environment variable |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md documents npm install and go install commands |
2 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:39 目录结构
1 文件 · 2.9 KB · 55 行 Markdown 1f · 55L
└─
SKILL.md
Markdown
安全亮点
✓ All functionality clearly documented in SKILL.md
✓ No shell execution beyond documented CLI tool installation
✓ No credential harvesting beyond required API token
✓ No base64, eval, or obfuscated code patterns
✓ No hidden instructions in comments or documentation
✓ Legitimate open-source project (MinerU by OpenDataLab/Shanghai AI Lab)
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env probing)
✓ No network exfiltration or suspicious external communications