Scan Report
0 /100
html-markdown
Convert HTML to Markdown using MinerU's document processing engine
Pure documentation skill describing external CLI tool usage with no local code execution, scripts, or hidden functionality.
Safe to install
This skill is safe to use. It provides documentation for an external CLI tool (mineru-open-api) and does not execute any local code.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access in skill - external tool runs at user level |
| Network | NONE | NONE | — | No network access from agent - user runs external CLI directly |
| Shell | NONE | NONE | — | No shell execution from agent |
| Environment | NONE | NONE | — | Skill references MINERU_TOKEN but does not read it - user provides it to CLI |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://mineru.net SKILL.md:4 Medium External URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 File Tree
1 files · 3.1 KB · 58 lines Markdown 1f · 58L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ External tool (mineru-open-api) runs at user level, not agent level
✓ Clear documentation of required authentication (MINERU_TOKEN)
✓ No hidden functionality or obfuscated code
✓ Open-source tool from legitimate source (OpenDataLab, Shanghai AI Lab)
✓ No credential harvesting or data exfiltration
✓ No suspicious patterns (base64, eval, subprocess, curl|bash)