8917 Minimax Toolkit
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent MiniMax API wrapper, but it can use your MiniMax API key and send media files to MiniMax for generation tasks.
This skill appears purpose-aligned and transparent for MiniMax generation workflows. Before installing, be comfortable with it reading a MiniMax API key, consuming MiniMax request quota, uploading submitted media to MiniMax, and saving generated outputs into the configured workspace or output directory.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill may allow it to spend MiniMax quota or access MiniMax services under the user's configured account key.
The skill can read a MiniMax API key from the user's OpenClaw configuration if MINIMAX_API_KEY is not set; this is disclosed and purpose-aligned, but it is still account credential access.
config_path = os.path.expanduser("~/.openclaw/openclaw.json") ... if "minimax" in name.lower(): return cfg.get("apiKey")Use a dedicated MiniMax Token Plan key where possible, confirm the key source before running commands, and rotate the key if you no longer trust the skill.
Private images, audio, video, text, or voice samples used with the skill may be uploaded to MiniMax for processing.
The skill explicitly sends user-provided text/media to a third-party provider for generation workflows; this is expected for the integration but important for privacy.
This skill may send user-provided media to MiniMax APIs in these cases: image generation / image-to-image ... voice cloning / voice design ... music generation
Do not submit sensitive media unless you accept MiniMax processing it; obtain consent before using other people's voice or media samples.
Users have less external provenance information for verifying who maintains the skill or where updates originate.
The registry metadata does not provide an upstream source or homepage, which reduces provenance transparency even though the included artifacts are coherent and the static scan is clean.
Source: unknown; Homepage: none
Review the included scripts and references before installation, especially because the skill handles API credentials and media uploads.