by 安全扫描
OpenClaw
安全
high confidenceThe skill is internally consistent: it delegates PPTX parsing to the mineru-open-api binary and only requires the MINERU_TOKEN for the documented full-parse path.
评估建议
This skill appears to do what it says: it runs the mineru-open-api CLI to parse PPTX files and needs MINERU_TOKEN only for the full 'extract' flow. Before installing, verify the mineru-open-api package/source (npm package page and the GitHub repo linked in the docs), confirm the token creation endpoint is legitimate (https://mineru.net), and review the CLI's privacy policy or source code if you need to parse sensitive slides (to confirm whether data is sent to a remote API). Treat MINERU_TOKEN l...详细分析 ▾
✓ 用途与能力
Name/description (PPTX parsing) match the declared dependency (mineru-open-api CLI). The required binary and the MINERU_TOKEN credential align with the stated functionality (flash-extract vs extract).
✓ 指令范围
SKILL.md instructs running the mineru-open-api CLI on local files or URLs and documents when a token is required. It does not instruct reading unrelated system files or accessing unrelated credentials.
ℹ 安装机制
Install uses an npm package or a Go 'go install' from a GitHub repo. These are typical for a CLI but carry the usual supply-chain risk of third-party packages; no arbitrary URL downloads or extract-from-unknown-host patterns are present.
✓ 凭证需求
Only MINERU_TOKEN is required and is documented as needed for the full 'extract' operation; this is proportionate to a service-backed parser. No unrelated secrets or multiple credentials are requested.
✓ 持久化与权限
Skill is not always-enabled and does not request elevated or cross-skill configuration. Autonomous invocation is allowed (default) but is normal and not combined with other red flags.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.4.02026/4/2
SEO: expand description for better ClawHub vector search discovery
● 无害
安装命令
点击复制官方npx clawhub@latest install pptx-parse
镜像加速npx clawhub@latest install pptx-parse --registry https://cn.longxiaskill.com