扫描报告
5 /100
html-parse
Parse HTML documents into structured Markdown using MinerU
This is a thin wrapper skill for MinerU's legitimate HTML-to-Markdown CLI tool with fully declared capabilities and no suspicious behavior.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:21-25 - documents npm/go install and CLI execution |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:7-8 - fetches remote URLs via mineru-open-api extract/crawl |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md:28 - documents -o ./out/ for output directory |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md:9, metadata - requires MINERU_TOKEN for authentication |
2 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 目录结构
1 文件 · 2.9 KB · 57 行 Markdown 1f · 57L
└─
SKILL.md
Markdown
安全亮点
✓ Single-file skill with no embedded scripts or binaries
✓ All shell commands are documented (npm install, go install, CLI execution)
✓ Uses only the MINERU_TOKEN environment variable, no enumeration of other secrets
✓ External URLs are legitimate MinerU service endpoints (mineru.net)
✓ No base64, no eval, no obfuscated code
✓ No credential harvesting beyond the required API token
✓ Open-source tool with verifiable repository (github.com/opendatalab/MinerU)
✓ No data exfiltration detected
✓ Filesystem write is limited to explicitly specified output directory