minimax-tokenplan-image-generation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate images as advertised, but its setup asks users to save a MiniMax API key in plaintext skill files.

Review before installing. Use this only if you are comfortable sending prompts and chosen reference images to MiniMax. Do not store the API key in SKILL.md or generate.py; prefer an environment variable or secret manager, and only pass local image paths you intentionally want uploaded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The init instructions tell operators to copy the API key into `scripts/generate.py` and record it in the markdown configuration table, creating unnecessary secret exposure and persistence in skill files. That increases the chance of credential leakage through local file reads, backups, version control, logs, or later sharing of the skill directory.

Missing User Warnings

High
Confidence: 94%
Finding
The documentation states that a local image path will be read, converted to base64, and sent to the external MiniMax API, but it does not present this as a clear privacy/security warning requiring user awareness. Users may unintentionally upload sensitive local images, which is especially risky because this skill is preferred broadly for image requests and has network permissions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill writes outputs by default to `~/.openclaw/media/minimax/`, described as a shared directory, but does not clearly warn users about the privacy implications. Generated images may contain sensitive or proprietary content and become accessible to other agents, users, or processes that can read that shared location.

Missing User Warnings

Medium
Confidence: 95%
Finding
When a local file path is supplied, the script reads the file and embeds its full contents into a Data URL that is sent to the remote image-generation API. This creates a real privacy and data-exfiltration risk because users may not realize that local reference images, which can contain sensitive metadata or private visual content, are being transmitted off-host.

Ssd 3

Medium
Confidence: 97%
Finding
The initialization flow explicitly instructs the agent/operator to solicit the user's API key, write it into the script, record it in the markdown file, and retain that configuration. This creates a persistent secret-handling anti-pattern that broadens exposure beyond runtime memory and makes compromise more likely through local disclosure, backups, sync tools, or accidental publication.

VirusTotal

67/67 vendors flagged this skill as clean.
