by 安全扫描
OpenClaw
安全
high confidenceThe skill's requirements and instructions match its stated purpose (running the mineru-open-api CLI to upload and convert Office files to Markdown); it is internally coherent but uploads user documents to an external service, so review privacy implications before use.
评估建议
This skill legitimately runs the mineru-open-api CLI to upload and convert Office files to Markdown. Before installing or using it, consider: (1) Privacy — flash-extract uploads your documents to MinerU's cloud without authentication; do not send sensitive or confidential files unless you trust the service and have reviewed its privacy policy. (2) Source trust — prefer installing via trusted package managers (npm or go) and, if using a direct download, verify checksums and the vendor site (miner...详细分析 ▾
✓ 用途与能力
The skill is a document-to-Markdown converter and requires the mineru-open-api CLI binary, which is exactly what's needed to perform the conversions described. No unrelated environment variables, binaries, or config paths are requested.
ℹ 指令范围
SKILL.md instructs the agent to run mineru-open-api flash-extract on local files or URLs; that CLI uploads documents to MinerU's cloud API for processing. This behavior is consistent with the skill's purpose but means user documents are transmitted off-device — a privacy/data-exfiltration consideration, not an incoherence.
ℹ 安装机制
Install options are npm/uv/go for a CLI named mineru-open-api (including a GitHub go package). These are reasonable distribution channels. The README also offers a direct-download fallback from mineru.net; downloading executables from a vendor site has higher risk than using a well-known package registry, so verify source/trustworthiness if using that fallback.
✓ 凭证需求
No environment variables or credentials are requested, which aligns with SKILL.md's explicit statement that no API key or signup is required. The lack of secrets is proportionate to the described 'flash-extract' use-case.
✓ 持久化与权限
The skill is not forced-always and does not request elevated or persistent platform privileges. It does not attempt to modify other skills or system-wide agent settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/24
docx-to-markdown 1.0.0 - Initial Release - Convert DOCX, PPTX, XLS, and XLSX files to Markdown using the MinerU Open API. - Supports both local files and URLs; no API key or signup required. - Preserves text, tables, and document structure. - Maximum supported: 10MB or 20 pages per document. - CLI tool available with multiple install options (npm, uv, go). - Enhanced privacy: documents are processed in real-time and not stored.
● 可疑
安装命令
点击复制官方npx clawhub@latest install docx-to-markdown
镜像加速npx clawhub@latest install docx-to-markdown --registry https://cn.longxiaskill.com