by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says: it installs a MinerU CLI and uploads documents to MinerU's cloud for OCR. Before installing or using it, consider: (1) MinerU processes files remotely — don't upload highly sensitive documents unless you trust their privacy policy and terms (check https://mineru.net). (2) Installing npm/go packages runs third-party code on your machine; review the package source (or use sandboxing) if you have security concerns. (3) Note the documented limits (10MB/20 pages...详细分析 ▾
✓ 用途与能力
The name/description (OCR extraction) match the declared binary dependency (mineru-open-api) and the listed install options (npm/uv/go). No unrelated credentials, binaries, or config paths are requested.
ℹ 指令范围
Runtime instructions call mineru-open-api flash-extract on local files or URLs and explicitly upload documents to MinerU's cloud for processing. This is expected for a cloud OCR service, but it means user data is transmitted externally — the skill does not attempt to read unrelated local files or environment variables.
ℹ 安装机制
Installation is provided via standard package managers (npm, uv, go install). These are expected for a CLI tool; installing npm/go packages runs third-party code on the host, which is normal but carries the usual supply-chain risk (not an incoherence with the skill purpose). No arbitrary download URLs or archive extraction were used.
✓ 凭证需求
No environment variables or credentials are required for the advertised 'flash-extract' capability. The SKILL.md notes an optional auth flow for higher-precision features, which would then require credentials — that is documented and consistent.
✓ 持久化与权限
Skill is not always-enabled and is user-invocable. It does not request elevated persistence or modify other skills' configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/25
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install scan-to-markdown
镜像加速npx clawhub@latest install scan-to-markdown --registry https://cn.longxiaskill.com