扫描报告
5 /100
ocr-pro
Professional-grade OCR for PDFs and images using MinerU
OCR skill wrapping the legitimate MinerU open-source tool via CLI. No code/scripts present—only documentation describing a standard PDF/image text extraction tool with API token authentication.
可以安装
No action needed. The skill is a thin wrapper over an open-source CLI tool with no hidden functionality.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md: 'Supports local files' |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md: '-o <dir>' for output |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md: 'From URL' and extract from https:// URLs |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: CLI tool invocation via Bash |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md: 'MINERU_TOKEN' environment variable |
2 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 目录结构
1 文件 · 3.1 KB · 58 行 Markdown 1f · 58L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
mineru-open-api | * | npm/go | 否 | External CLI tool; implementation not reviewed here |
安全亮点
✓ No executable code—only documentation present
✓ All capabilities explicitly declared in SKILL.md
✓ Uses open-source MinerU project from Shanghai AI Lab (verified GitHub)
✓ API token authentication pattern is standard and secure
✓ No credential harvesting or exfiltration behavior
✓ No suspicious patterns: no base64, no eval, no subprocess chains, no IP connections