mineru-extract
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill transmits user-provided URLs to the external service
mineru.netfor processing. While essential for the skill's function, this involves sharing potentially sensitive URLs with a third party. - External Downloads (LOW): The skill's scripts download and extract ZIP files from
mineru.netinto~/.openclaw/workspace/mineru/. While the description specifies the contents are Markdown and JSON, the extraction process must be audited for vulnerabilities like Zip Slip (directory traversal via filenames in ZIP archives). - Indirect Prompt Injection (LOW): The skill creates a surface for indirect prompt injection by processing untrusted data from the web.
- Ingestion points: External URLs processed via the MinerU API (referenced in
scripts/mineru_parse_documents.py). - Boundary markers: The documentation does not specify the use of delimiters or warnings to prevent the LLM from following instructions embedded in the extracted content.
- Capability inventory: The skill executes local Python scripts and performs file writes to the user directory.
- Sanitization: There is no mention of sanitizing the parsed Markdown before it is returned to the agent.
- Command Execution (LOW): The skill relies on running local Python scripts (
mineru_parse_documents.py,mineru_extract.py) which interact with the filesystem and network. The full source code for these scripts was not provided for detailed audit.
Audit Metadata