mineru-ocr

Fail

Audited by Snyk on Apr 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs users to provide their MinerU Token to the AI (e.g., "帮我配置 MinerU,Token 是:xxx" and "新的 Token 是:xxx"), which requires the agent to receive and likely embed that secret verbatim into config files/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly accepts and processes arbitrary remote document and webpage URLs (see SKILL.md) and the runtime script (.claude/skills/mineru-ocr/scripts/convert.js — functions convertRemoteUrlWithTokenApi / convertRemoteUrlWithLightApi and downloadRemoteImages) posts those URLs to external APIs, ingests the extracted Markdown, and even downloads remote assets, so it clearly fetches and acts on untrusted third-party web content.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Apr 30, 2026, 07:13 AM
Issues
2
Security Audit — snyk — mineru-ocr