Security scan
OpenClaw
Suspicious
medium confidence
Assessment recommendations
Before installing: (1) Recognize this is a DocMind Node.js client and it requires your Alibaba Cloud access key and secret — only provide keys with the minimum permissions needed and avoid using long-lived high-privilege keys. (2) The skill metadata fails to declare these env vars; treat that as a red flag and prefer skills that list the credentials they need. (3) The SKILL.md validation step references Python files that do not exist and the quickstart.js hardcodes the cn-hangzhou endpoint while...
ℹ Purpose and capabilities
Name/description match the included code: both show a Node.js DocMind client that submits jobs and polls results. However, the registry metadata declares no required environment variables or primary credential even though the SKILL.md and quickstart.js require Alibaba Cloud access keys and region — an important mismatch.
⚠ Instruction scope
SKILL.md instructs using ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET, submitting public file URLs (privacy risk), polling, and saving outputs. The validation step incorrectly attempts to py_compile *.py files in scripts/ even though the repo contains only a JavaScript quickstart, which is inconsistent and may cause false validation behavior. Instructions also recommend making files publicly accessible (expected for URL submission but exposes data).
✓ Install mechanism
No install spec is provided (instruction-only). The SKILL.md asks the user to npm install official @alicloud packages — this is expected and proportionate. No downloads from untrusted URLs or extract operations are present.
⚠ Credential requirements
The skill legitimately needs Alibaba Cloud credentials (access key ID/secret and optional region) and runtime DOCMIND_* env vars, but the package metadata does not declare these required envs or a primary credential. That mismatch is a transparency issue: the skill will require secrets at runtime despite listing none in metadata.
✓ Persistence and privileges
The skill does not request permanent/always presence, does not modify other skills, and does not include install-time persistence. Autonomous invocation is allowed (platform default) but not combined with other high privileges here.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/1
● Harmless
Install command
Official: npx clawhub@latest install aliyun-docmind-extract
Mirror: npx clawhub@latest install aliyun-docmind-extract --registry https://cn.longxiaskill.com