Back to skill

Security audit

Mmx

Security checks across malware telemetry and agentic risk

Overview

This skill is a reference guide for using the MiniMax mmx CLI, with expected account, network, and file-output behavior for that purpose.

Install only if you intend to use MiniMax through the mmx CLI. Treat prompts, images, audio, files, and search queries as content that may leave your machine; avoid submitting secrets or sensitive personal/proprietary data, protect the API key, watch quota or billing, and choose output paths carefully before generating or downloading media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation text is broad enough to trigger on many general content-generation or image-analysis requests, which can cause the agent to invoke this skill in contexts the user did not clearly intend. Because the skill sends prompts and media to a remote authenticated CLI service, over-broad activation increases the chance of unnecessary data disclosure and tool misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The auth and usage examples encourage immediate login and remote API use without warning that prompts, files, images, audio, and search queries may be transmitted to a third-party service. In an agent setting, this omission is security-relevant because users may assume local processing and unknowingly expose secrets, personal data, or proprietary content.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.