MiniMax Vision Captcha
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with its stated vision-analysis purpose, but its helper script builds and runs a shell command from unescaped user-controlled input, which can allow unintended command execution.
Review this skill before installing. If you use it, provide explicit image paths, avoid sending sensitive screenshots, and do not use CAPTCHA/slider analysis to bypass third-party protections without authorization. The helper script should be fixed to avoid shell command injection before use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed prompt/path could cause the agent environment to run unintended local commands.
The shell command is assembled from the command-line prompt and image path values without escaping or argument separation. A prompt or path containing a double quote can close the quoted field and append further shell commands, and because the values sit inside double quotes the shell also expands `$(...)` and backticks within them, so crafted input can run arbitrary commands without breaking out of the field at all.
const cmd = `mcporter call minimax-coding-plan.understand_image prompt="${prompt}" image_source="${imagePath}"`;
const result = execSync(cmd, { encoding: 'utf-8', timeout: 30000 });
Replace execSync with execFileSync or spawn using an argument array, validate image paths, and avoid passing untrusted strings through a shell.
Using it on third-party sites may bypass verification checks, violate terms of service, or trigger anti-abuse responses.
The skill explicitly supports CAPTCHA and slider-challenge analysis. This is disclosed and central to the skill, but it is a sensitive automation capability that can be misused against anti-bot or account-protection controls.
Use the visual-understanding capability of MiniMax MCP to recognise the content of images and solve problems such as CAPTCHAs and slider analysis. ... Scenario 1: WeChat slider CAPTCHA ... Obtain a description of the slider position
Use CAPTCHA/slider analysis only in authorized testing, accessibility, or owned-account workflows, and avoid automating protected third-party services without permission.
Sensitive information visible in screenshots may be shared with the configured MiniMax MCP/provider.
The workflow sends screenshots or image files to a MiniMax MCP/provider for analysis. This is expected for the skill, but screenshots can contain private page content.
mcporter call minimax-coding-plan.understand_image prompt="Describe the image content" image_source="/path/to/screenshot.png"
Review screenshots before analysis, avoid sending private pages unless necessary, and confirm the MiniMax MCP configuration and data handling are acceptable.
The latest browser screenshot may not be the image the user intended to analyze and could contain private information.
If no image path is supplied, the script selects the newest browser screenshot from the OpenClaw media directory and then sends it to the MiniMax MCP call.
const mediaDir = '/root/.openclaw/media/browser';
... imagePath = path.join(mediaDir, files[0].name);
... const result = execSync(cmd, { encoding: 'utf-8', timeout: 30000 });
Prefer supplying an explicit image path and add a confirmation step before sending automatically selected screenshots.
The skill may fail or behave differently depending on whatever mcporter/MiniMax MCP setup already exists in the environment.
The marketplace file declares a dependency on mcporter, while the registry requirements show no required binaries and there is no install spec. This is not malicious, but it means the runtime dependency and provenance are not fully captured in the registry metadata.
"dependencies": {
  "node": ["mcporter"]
}
Document the required mcporter and MiniMax MCP versions/configuration in the registry requirements or install instructions.
