mineru
Fail
Audited by Snyk on Mar 31, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.75). Most links (arXiv PDFs, example.com placeholders, and GitHub repos) look benign, but the skill explicitly instructs piping a remote install.sh/install.ps1 from cdn-mineru.openxlab.org.cn (and references other nonstandard domains like mineru.net/your-server.com) — direct execution of remote shell/PowerShell scripts from an unfamiliar CDN is a high-risk malware vector, so the overall set is moderately high risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's "crawl" command explicitly accepts and fetches arbitrary HTTP/HTTPS URLs (see SKILL.md "The
crawlcommand accepts any HTTP/HTTPS URL" and the "crawl — Web page extraction" section), meaning the agent ingests untrusted public web content as part of its workflow and could be influenced by that content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs running remote install scripts that are fetched-and-executed at runtime (e.g., curl -fsSL https://cdn-mineru.openxlab.org.cn/open-api-cli/install.sh | sh and irm https://cdn-mineru.openxlab.org.cn/open-api-cli/install.ps1 | iex), which directly execute remote code and are required to install the CLI the skill relies on.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata