扫描报告
5 /100
paper-parser
Parse academic papers and research documents from PDF using MinerU
Single-file SKILL.md documentation for a MinerU CLI wrapper; all capabilities are explicitly declared and behavior is consistent with documented use.
可以安装
No action required. Skill is safe to use.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Install commands lack version pins | SKILL.md:11 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | SKILL.md: 'Parse academic paper (requires token) mineru-open-api extract paper.p… |
| 网络访问 | NONE | READ | ✓ 一致 | SKILL.md: 'mineru-open-api extract https://arxiv.org/pdf/2309.10918 -o ./out/' |
| 命令执行 | NONE | NONE | — | No scripts or inline code; skill is pure markdown documentation. |
| 环境变量 | NONE | READ | ✓ 一致 | SKILL.md: 'export MINERU_TOKEN="your-token"' |
3 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://arxiv.org/pdf/2309.10918 SKILL.md:30 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 目录结构
1 文件 · 3.1 KB · 58 行 Markdown 1f · 58L
└─
SKILL.md
Markdown
安全亮点
✓ No scripts or executable code present — skill is pure documentation
✓ All tool capabilities (filesystem read/write for PDFs, network for URL extraction) are explicitly documented in SKILL.md
✓ No hidden functionality, obfuscation, or base64-encoded payloads
✓ No credential exfiltration or suspicious network destinations
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env beyond the declared MINERU_TOKEN)
✓ Uses an established open-source project (MinerU by OpenDataLab) with clear provenance
✓ Token requirement is declared and documented