扫描报告
5 /100
photo-ocr
OCR for photos and images using MinerU. Extract text from photographs, screenshots, camera captures, and image files with high accuracy.
This is a documentation-only skill that wraps a legitimate CLI tool (mineru-open-api) for OCR operations. No malicious code or suspicious behavior detected.
可以安装
This skill is safe to use. Ensure the mineru-open-api binary is from the official source and review MINERU_TOKEN scope before production use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md metadata declares mineru-open-api binary requirement |
| 网络访问 | READ | READ | ✓ 一致 | flash-extract accepts URLs (line 21), documented feature |
| 命令执行 | WRITE | WRITE | ✓ 一致 | CLI tool invocation via Bash is documented |
2 项发现
中危 外部 URL 外部 URL
https://mineru.net SKILL.md:4 中危 外部 URL 外部 URL
https://mineru.net/apiManage/token SKILL.md:51 目录结构
1 文件 · 3.6 KB · 68 行 Markdown 1f · 68L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
mineru-open-api | latest | npm/go | 否 | External CLI tool - binary required, install from official npm/go registries |
安全亮点
✓ Documentation-only skill with no executable code
✓ Clear description of tool capabilities and limitations
✓ Authentication requirements properly documented (MINERU_TOKEN for extract, none for flash-extract)
✓ No credential harvesting or exfiltration behavior
✓ External dependencies (mineru-open-api) declared in metadata
✓ Output directory specification is explicit and user-controlled
✓ No base64, eval, or dynamic code execution patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)