Minimax Image Understanding

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run image description tool that sends selected images to named vision AI providers, with privacy and endpoint-configuration cautions but no hidden or destructive behavior found.

Install only if you are comfortable sending chosen images and prompts to MiniMax, OpenAI, or Anthropic under those providers' data policies. Do not use it on confidential screenshots, regulated documents, IDs, or credentials unless your policy allows that, and avoid setting MINIMAX_API_HOST to any untrusted endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tainted flow: 'cmd' from os.environ.get (line 30, credential/environment) → subprocess.run (code execution)

Medium
Category: Data Flow
Content:
"-d", json.dumps(payload)
    ]
    
    result = subprocess.run(cmd, capture_output=True, text=True, timeout=35)
    data = json.loads(result.stdout)
    
    if data.get("base_resp", {}).get("status_code") == 0:
Confidence: 84%
Finding: result = subprocess.run(cmd, capture_output=True, text=True, timeout=35)

Missing User Warnings

Medium
Confidence: 97%
Finding: The usage instructions tell users to submit local images to external providers such as MiniMax, OpenAI, or Anthropic, but they do not warn that the image contents will be sent to third-party services for processing. This is dangerous because users may unknowingly upload sensitive screenshots, documents, or personal data, causing confidentiality, privacy, or compliance issues.

Missing User Warnings

Medium
Confidence: 96%
Finding: This function reads a local image file, base64-encodes it, and sends the full content to an external MiniMax API without any user-facing warning, consent, or data-classification guard. In an agent skill context, that can leak screenshots, documents, or other sensitive business material to third parties unexpectedly.

Missing User Warnings

Medium
Confidence: 98%
Finding: The OpenAI path uploads raw local image contents to a third-party API and does so silently from the user's perspective. Because this skill is specifically intended for screenshots, charts, and document photos, the probability of sensitive or regulated data exposure is materially higher.

Missing User Warnings

Medium
Confidence: 98%
Finding: This Anthropic integration transmits local image contents externally without transparent disclosure or consent. In a business-image-understanding skill, hidden third-party transfer can expose internal dashboards, contracts, IDs, or other confidential imagery.

VirusTotal

66/66 vendors flagged this skill as clean.
