Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MiniMax Search & VLM

v1.0.0

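Web search and image understanding using the MiniMax Coding Plan API. Use cases: (1) the user needs to search for real-time information or news, (2) image content needs to be analyzed, (3) doing research or looking up material. No API key required: users must configure it themselves.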

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The described purpose (web search + image understanding) matches the runtime instructions (curl calls to search and VLM endpoints). However the registry metadata lists no required environment variables or primary credential while the SKILL.md clearly instructs the user to create and source a MINIMAX_API_KEY file (~/.openclaw/config/minimax-api.env). That omission is an inconsistency.
Instruction Scope
SKILL.md explicitly instructs the agent (user) to read a local config file for MINIMAX_API_KEY, to base64-encode local images and send them to the remote API, and to download remote images into /tmp. Those actions are consistent with the skill's stated function, but they do involve reading local files (images and a file containing a secret) and transmitting their contents to an external service — which is expected for this feature but should be understood by the user.
Install Mechanism
Instruction-only skill (no install spec, no code files). Required binary is curl, which is reasonable for the provided curl examples. No archive downloads or third-party installers were found.
Credentials
The SKILL.md requires a MINIMAX_API_KEY stored in ~/.openclaw/config/minimax-api.env and instructs sourcing it before requests, but the registry metadata declares no required env vars or primary credential. This mismatch means the skill will need a secret not advertised at install time. Additionally, there's no homepage or verified source to confirm where that API key should be obtained or to audit the service.
Persistence & Privilege
always is false and the skill is user-invocable and may be called autonomously (platform default). The skill does not request to modify other skills or system-wide settings. Autonomy combined with the network calls is normal for this kind of integration but increases the impact if the external service or key is untrusted.
What to consider before installing
This skill appears to perform the search and image-analysis tasks it describes, but pay attention before installing: (1) the SKILL.md requires you to create and source a MINIMAX_API_KEY file (~/.openclaw/config/minimax-api.env), yet the registry entry does not declare that credential — confirm you are comfortable providing an API key. (2) There is no homepage or known source for the skill or the MiniMax service in the metadata; verify the api.minimaxi.com domain and the developer/platform before sharing keys or uploading sensitive images. (3) If you proceed, use a dedicated, limited-scope API key (not a reused account key), avoid sending highly sensitive images, and monitor usage. If the publisher updates the registry to explicitly declare MINIMAX_API_KEY and provides verifiable source/homepage or documentation, that would reduce my concern; absence of provenance keeps this in the 'suspicious' bucket.
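
The mismatch described under Credentials can be checked mechanically before installing an instruction-only skill. The script below is an added example, not ClawHub's scanner or part of the skill; its function names are hypothetical, the sample input is constructed from commands shown in this skill's SKILL.md, and the declared-variables list passed to `undeclared_env` stands in for whatever the registry entry declares.

```shell
#!/usr/bin/env bash
# Added example: list what a SKILL.md touches so it can be compared with
# what the registry entry declares. All function names are hypothetical.

# Constructed sample: commands copied from the SKILL.md on this page.
sample_skill_md() {
cat <<'EOF'
source ~/.openclaw/config/minimax-api.env
curl -s "https://api.minimaxi.com/v1/coding_plan/search" \
  -H "Authorization: Bearer $MINIMAX_API_KEY" \
  -H "Content-Type: application/json"
curl -s "https://example.com/image.jpg" -o /tmp/tmp_img.jpg
EOF
}

# Upper-case variables the instructions expand ($VAR or ${VAR}), one per line.
referenced_env() {
  LC_ALL=C grep -oE '\$\{?[A-Z_][A-Z0-9_]*' | sed -E 's/^\$\{?//' | sort -u
}

# Variables referenced on stdin but absent from the declared list in $1
# (space-separated; stands in for the registry's declared env vars).
undeclared_env() {
  declared=" $1 "
  referenced_env | while read -r var; do
    case "$declared" in
      *" $var "*) ;;                 # declared: nothing to report
      *) printf '%s\n' "$var" ;;     # used but never declared
    esac
  done
}

# Distinct hosts the instructions send requests to.
contacted_hosts() {
  grep -oE "https?://[^/\"' ]+" | sed -E 's#^https?://##' | sort -u
}

# Files pulled into the shell with `source` or `.` (likely to hold secrets).
sourced_files() {
  sed -nE 's/^[[:space:]]*(source|\.)[[:space:]]+([^[:space:];]+).*/\2/p' | sort -u
}

# Report for the sample with an empty declared list, as in this registry entry.
echo "undeclared env vars: $(sample_skill_md | undeclared_env '' | tr '\n' ' ')"
echo "hosts contacted:     $(sample_skill_md | contacted_hosts | tr '\n' ' ')"
echo "files sourced:       $(sample_skill_md | sourced_files | tr '\n' ' ')"
```

Any variable, host or sourced file that appears here but not in the registry metadata is a question to put to the publisher before supplying a key.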

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis
Bins: curl
latest: vk97439arkac9z23j3xjk52m9zn822a0v
490 downloads
0 stars
1 version
Updated 7h ago
v1.0.0
MIT-0

MiniMax MCP Skill

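Web search and image understanding using the MiniMax Coding Plan API.

When to use

Use this skill when:

  • The user needs to search for real-time information (news, tech updates, etc.)
  • Image content needs to be analyzed (describing an image, extracting information)
  • Doing research or looking up material
  • The user asks "What's the tech news today?"

Do not use this skill for:

  • Local file operations → use the execread tool
  • Simple calculations or text processing → handle directly
  • Searches that require login authentication → use another method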

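Setup steps (the user must complete these first)

An API key must be configured before first use; this only needs to be done once:

# Create the config directory (if it does not exist)
mkdir -p ~/.openclaw/config

# Add the API key (replace with your own key)
echo 'MINIMAX_API_KEY=你的API密钥' > ~/.openclaw/config/minimax-api.env

# Set secure permissions
chmod 600 ~/.openclaw/config/minimax-api.env

The API key must be obtained from the MiniMax developer platform: https://platform.minimaxi.com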

Features

1. Web search

Search the web for real-time information.

# Load the API key
source ~/.openclaw/config/minimax-api.env

# Search example
curl -s "https://api.minimaxi.com/v1/coding_plan/search" \
  -H "Authorization: Bearer $MINIMAX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"q":"今天科技新闻"}'

2. Image understanding

Analyzes image content; supports local files or web images.

# Load the API key
source ~/.openclaw/config/minimax-api.env

# Analyze a local image (the path is quoted so names with spaces work)
IMG_PATH="/path/to/image.jpg"
curl -s "https://api.minimaxi.com/v1/coding_plan/vlm" \
  -H "Authorization: Bearer $MINIMAX_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"prompt\":\"描述这张图片\",\"image_url\":\"data:image/jpeg;base64,$(base64 -w0 "$IMG_PATH")\"}"

Supported formats: JPEG, PNG, GIF, WebP (max 20MB)

Quick commands

Search and pretty-print the output

source ~/.openclaw/config/minimax-api.env
curl -s "https://api.minimaxi.com/v1/coding_plan/search" \
  -H "Authorization: Bearer $MINIMAX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"q":"关键词"}' | python3 -c "
import json,sys
data = json.load(sys.stdin)
for r in data.get('organic',[])[:5]:
    print(f'• {r[\"title\"]}')
    print(f'  {r[\"link\"]}\n')
"

Download a web image, then analyze it

source ~/.openclaw/config/minimax-api.env
curl -s "https://example.com/image.jpg" -o /tmp/tmp_img.jpg
curl -s "https://api.minimaxi.com/v1/coding_plan/vlm" \
  -H "Authorization: Bearer $MINIMAX_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"prompt\":\"描述这张图片\",\"image_url\":\"data:image/jpeg;base64,$(base64 -w0 /tmp/tmp_img.jpg)\"}"
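
The two image commands above pass both the bearer token and the whole base64 payload as curl arguments, read whatever file they are pointed at, and trust the `.jpg` name. The following is an added example, not part of the skill: it checks the file against the stated 20MB limit and the four supported formats, then sends the request with the key and body kept out of the process arguments. The function names and the English prompt string are assumptions; the endpoint is the one shown on this page.

```shell
#!/usr/bin/env bash
# Added example: validate an image and send it without exposing the key or
# the payload in process arguments. Function names are hypothetical.

MAX_BYTES=$((20 * 1024 * 1024))     # the 20MB limit stated in the SKILL.md

# Print the MIME type for the four supported formats, judged by magic bytes
# rather than file extension; print nothing for anything else.
image_mime() {
  case "$(head -c 12 -- "$1" | od -An -tx1 | tr -d ' \n')" in
    ffd8ff*)                   echo image/jpeg ;;
    89504e470d0a1a0a*)         echo image/png ;;
    474946383[79]61*)          echo image/gif ;;
    52494646????????57454250)  echo image/webp ;;
  esac
}

# Build the JSON body in a private temp file and print its path.
# Returns 1 (not a plain file), 2 (too large), 3 (unsupported type), 4 (no temp file).
build_vlm_body() {
  local img mime body
  img=$1
  { [ -f "$img" ] && [ ! -L "$img" ]; } || return 1
  [ "$(( $(wc -c < "$img") ))" -le "$MAX_BYTES" ] || return 2
  mime=$(image_mime "$img")
  [ -n "$mime" ] || return 3
  body=$(mktemp) || return 4        # mktemp creates the file with mode 0600
  {
    printf '{"prompt":"describe this image","image_url":"data:%s;base64,' "$mime"
    base64 < "$img" | tr -d '\n'    # portable replacement for GNU-only -w0
    printf '"}'
  } > "$body"
  printf '%s\n' "$body"
}

# POST the body file. The key goes to curl via a config read from stdin and the
# payload via @file, so neither appears in `ps` output or hits argv size limits.
send_vlm() {
  printf 'header = "Authorization: Bearer %s"\n' "$MINIMAX_API_KEY" |
    curl -s --config - -H "Content-Type: application/json" \
      --data-binary @"$1" "https://api.minimaxi.com/v1/coding_plan/vlm"
}
```

Typical use is `body=$(build_vlm_body "$IMG_PATH") && send_vlm "$body"; rm -f "$body"`; for the download case, fetching into a `mktemp` file instead of the fixed `/tmp/tmp_img.jpg` avoids a predictable path in a shared directory.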

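Notes

  • The API key is stored in the user's local config file and is not published with the skill
  • Do not expose the API key in command output or logs
  • The search API is rate-limited; avoid sending many requests in a short time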
