ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

minimax-tokenplan-tts

v1.0.1

Generate speech audio from text using MiniMax speech-2.8-hd model. Supports multiple voice options, speed/pitch/volume control, WAV file output with automati...

1· 81·0 current·0 all-time
byk.x.@4833675
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (MiniMax TTS) align with the included scripts and declared binaries (python3, ffplay) and the single required credential (MINIMAX_API_KEY). Minor inconsistency: the SKILL.md/registry declares MINIMAX_API_KEY as required, but the shipped scripts default to a top-of-file API_KEY constant and only accept an override via --api-key rather than automatically reading the MINIMAX_API_KEY env var — the README even tells the user to edit the scripts to paste the key. This is bad practice but consistent with a simple wrapper script.
!
Instruction Scope
SKILL.md instructs the agent/user to obtain the API key and to edit the two scripts directly (paste the key and base URL) and then delete the init section. Encouraging manual insertion of secrets into code files is insecure. The instructions also reference IDENTIY.md (not present in the bundle) and recommend always using streaming playback in webchat — giving the agent a persistent preference but not itself malicious. The scripts perform network calls only to the documented MiniMax endpoints; there is no evidence they read unrelated system files or environment variables. However, stream_play.py explicitly disables SSL certificate verification (ssl.verify_mode = CERT_NONE and check_hostname = False), which weakens transport security and could expose the API key to a man-in-the-middle.
Install Mechanism
Registry reports no install spec but SKILL.md metadata contains an install entry pointing to https://clawhub.ai/skills/minimax-tokenplan-tts (kind: download). There is no evidence the skill automatically downloads arbitrary code at runtime in the included files, but the presence of a download install URL in metadata (not a well-known release host) is a minor red flag. The actual deliverable is an instruction-only skill with bundled scripts (no opaque remote install required).
!
Credentials
Only one credential (MINIMAX_API_KEY) is declared, which is appropriate for a TTS integration. But the scripts do not automatically use the MINIMAX_API_KEY env var — they rely on a hard-coded placeholder and instruct users to embed the key in the scripts or pass --api-key. That increases risk of accidental secret leakage. Additionally, the stream websocket code disables TLS verification, which combined with a bearer token increases the risk of credential exposure via MITM. No other unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not try to modify other skills or system-wide settings. It writes TTS output to ~/.openclaw/media/minimax/tts/ (declared filesystem write permission), which is proportional to its purpose. It can be invoked autonomously by the agent (default), which is expected behavior for a skill.
What to consider before installing
This skill appears to implement the claimed MiniMax TTS functionality, but take these precautions before installing/using it: - Do NOT paste your API key into the top of the scripts. Instead pass it on the command line or modify the code to read MINIMAX_API_KEY from the environment (safer than hard-coding). - The streaming script disables SSL verification (accepts any certificate). This makes the API key vulnerable to interception on hostile or misconfigured networks. If you plan to use streaming, edit stream_play.py to enable certificate verification (remove the lines that set check_hostname=False and verify_mode=CERT_NONE) or ensure you use a trusted network. - The SKILL.md metadata references a download URL (clawhub.ai) rather than the MiniMax domain; prefer obtaining code from trusted sources or verify the included files' contents. Since the package already includes scripts, prefer using the bundled code rather than invoking any external installer from unknown hosts. - Avoid leaving secrets in code or in version-controlled files. If you must store credentials locally, use environment variables or a secrets manager and confirm the script reads them securely. - Review and test on an isolated environment first (or with a non-production API key) before allowing the agent to call this skill autonomously. If the maintainer can: (1) remove the hard-coded API_KEY placeholder and read MINIMAX_API_KEY from env by default, and (2) enable proper SSL verification in the websocket client, the remaining concerns would be largely addressed and my confidence would increase.

Like a lobster shell, security has layers — review code before you run it.

latestvk978c7w3ex2yg91dnxmw4kmyxs848k98

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔊 Clawdis
OSmacOS · Linux · Windows
Binspython3, ffplay
EnvMINIMAX_API_KEY

Comments