扫描报告
0 /100
html-markdown
Convert HTML to Markdown using MinerU's document processing engine
Pure documentation skill describing external CLI tool usage with no local code execution, scripts, or hidden functionality.
可以安装
This skill is safe to use. It provides documentation for an external CLI tool (mineru-open-api) and does not execute any local code.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access in skill - external tool runs at user level |
| 网络访问 | NONE | NONE | — | No network access from agent - user runs external CLI directly |
| 命令执行 | NONE | NONE | — | No shell execution from agent |
| 环境变量 | NONE | NONE | — | Skill references MINERU_TOKEN but does not read it - user provides it to CLI |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
2 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:42 目录结构
1 文件 · 3.1 KB · 58 行 Markdown 1f · 58L
└─
SKILL.md
Markdown
安全亮点
✓ Documentation-only skill with no executable code
✓ External tool (mineru-open-api) runs at user level, not agent level
✓ Clear documentation of required authentication (MINERU_TOKEN)
✓ No hidden functionality or obfuscated code
✓ Open-source tool from legitimate source (OpenDataLab, Shanghai AI Lab)
✓ No credential harvesting or data exfiltration
✓ No suspicious patterns (base64, eval, subprocess, curl|bash)