Scan Report
5 /100
doc-to-text
Extract plain readable text from Word documents (.doc, .docx) using MinerU
Pure documentation skill that describes how to use an external CLI tool (mineru-open-api) for Word document text extraction; no executable code, scripts, or suspicious behavior present.
Safe to install
No action required. This is a documentation-only skill that correctly describes its external CLI dependency.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in skill - only documentation |
| Network | NONE | NONE | — | Skill does not make network calls - describes external CLI usage |
| Shell | NONE | NONE | — | No shell commands in skill - documents CLI usage only |
| Environment | NONE | NONE | — | Mentions MINERU_TOKEN env var but does not read it |
| Skill Invoke | NONE | NONE | — | No nested skill invocation |
| Clipboard | NONE | NONE | — | Not mentioned or used |
| Browser | NONE | NONE | — | Not used |
| Database | NONE | NONE | — | Not used |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:45 File Tree
1 files · 3.3 KB · 61 lines Markdown 1f · 61L
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code
✓ No hidden functionality or unexpected behavior
✓ Clear documentation of external dependencies and their purpose
✓ No credential harvesting or data exfiltration
✓ No shell execution within the skill itself
✓ Uses legitimate open-source tool (MinerU by OpenDataLab)
✓ No suspicious patterns like base64 encoding, eval, or subprocess calls
✓ Token usage is clearly documented as optional for basic .docx extraction