Scan Report
5 /100
html-parse
Parse HTML documents into structured Markdown using MinerU
This is a thin wrapper skill for MinerU's legitimate HTML-to-Markdown CLI tool with fully declared capabilities and no suspicious behavior.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:21-25 - documents npm/go install and CLI execution |
| Network | READ | READ | ✓ Aligned | SKILL.md:7-8 - fetches remote URLs via mineru-open-api extract/crawl |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:28 - documents -o ./out/ for output directory |
| Environment | READ | READ | ✓ Aligned | SKILL.md:9, metadata - requires MINERU_TOKEN for authentication |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 File Tree
1 files · 2.9 KB · 57 lines Markdown 1f · 57L
└─
SKILL.md
Markdown
Security Positives
✓ Single-file skill with no embedded scripts or binaries
✓ All shell commands are documented (npm install, go install, CLI execution)
✓ Uses only the MINERU_TOKEN environment variable, no enumeration of other secrets
✓ External URLs are legitimate MinerU service endpoints (mineru.net)
✓ No base64, no eval, no obfuscated code
✓ No credential harvesting beyond the required API token
✓ Open-source tool with verifiable repository (github.com/opendatalab/MinerU)
✓ No data exfiltration detected
✓ Filesystem write is limited to explicitly specified output directory