Low risk: risk score 15/100
Last scanned: 2 days ago
pptx-ocr
OCR for PowerPoint (.pptx) presentations with scanned or image-embedded slide content
Documentation-only skill wrapping a legitimate open-source CLI tool (MinerU) with no hidden functionality or malicious code.
Skill name: pptx-ocr
Analysis time: 28.0s
Engine: pi
Can be installed
This skill is safe to use. Ensure MINERU_TOKEN is kept confidential and verify the mineru-open-api package source before installation.

Security findings: 2

Severity: Low
Finding: External package dependency
Skill instructs users to install mineru-open-api from npm/go. While MinerU is legitimate open-source software, always verify package authenticity.
npm install -g mineru-open-api
→ Verify npm package integrity and source before installation
Location: SKILL.md:15

Severity: Info
Finding: API token required
MINERU_TOKEN environment variable required for OCR functionality. This is a standard API authentication pattern.
export MINERU_TOKEN="your-token"
→ Ensure token is stored securely and not logged or exposed
Location: SKILL.md:31

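Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ Consistent | SKILL.md: Extracts .pptx files
Network access | READ | READ | ✓ Consistent | SKILL.md: Supports URL input for extraction
Environment variables | READ | READ | ✓ Consistent | SKILL.md: Uses MINERU_TOKEN for API auth
Command execution | NONE | NONE | | No shell commands in SKILL.md

2 findings

Severity: Medium
Finding: External URL
https://mineru.net
Location: SKILL.md:4

Severity: Medium
Finding: External URL
https://mineru.net/apiManage/token
Location: SKILL.md:39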

Directory structure

1 file · 2.6 KB · 55 lines
Markdown 1f · 55L
└─ 📝 SKILL.md Markdown 55L · 2.6 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
mineru-open-api | * | npm/go | | External CLI tool - verify package authenticity

Security highlights

✓ No executable scripts or code present - documentation only
✓ Uses legitimate open-source project (MinerU by OpenDataLab/Shanghai AI Lab)
✓ All capabilities clearly declared in SKILL.md
✓ No credential harvesting beyond required API authentication
✓ No network exfiltration or suspicious data transfer
✓ No hidden HTML comments or obfuscated code