Scan Report
5 /100
paper-parser
Parse academic papers and research documents from PDF using MinerU
Single-file SKILL.md documentation for a MinerU CLI wrapper; all capabilities are explicitly declared and behavior is consistent with documented use.
Safe to install
No action required. Skill is safe to use.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Install commands lack version pins | SKILL.md:11 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | SKILL.md: 'Parse academic paper (requires token) mineru-open-api extract paper.p… |
| Network | NONE | READ | ✓ Aligned | SKILL.md: 'mineru-open-api extract https://arxiv.org/pdf/2309.10918 -o ./out/' |
| Shell | NONE | NONE | — | No scripts or inline code; skill is pure markdown documentation. |
| Environment | NONE | READ | ✓ Aligned | SKILL.md: 'export MINERU_TOKEN="your-token"' |
3 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://arxiv.org/pdf/2309.10918 SKILL.md:30 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 File Tree
1 files · 3.1 KB · 58 lines Markdown 1f · 58L
└─
SKILL.md
Markdown
Security Positives
✓ No scripts or executable code present — skill is pure documentation
✓ All tool capabilities (filesystem read/write for PDFs, network for URL extraction) are explicitly documented in SKILL.md
✓ No hidden functionality, obfuscation, or base64-encoded payloads
✓ No credential exfiltration or suspicious network destinations
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env beyond the declared MINERU_TOKEN)
✓ Uses an established open-source project (MinerU by OpenDataLab) with clear provenance
✓ Token requirement is declared and documented