Security audit

8917 Minimax Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed MiniMax API wrapper that uploads user-selected media/text to MiniMax and saves generated outputs locally.

Install only if you are comfortable letting the skill use your MiniMax API key, consume MiniMax quota, upload selected prompts/media/audio to MiniMax, and save generated files locally. Use voice cloning only with permission from the speaker, and avoid submitting confidential media unless third-party processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'url' from requests.post (line 463, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
import requests


def _download_and_save(url: str, filepath: str) -> bool:
    """Download content from URL and save to filepath."""
    try:
        # Tainted flow flagged above: 'url' comes from the MiniMax API response
        # (network input) and is fetched here without scheme/host validation.
        data = requests.get(url).content
        with open(filepath, 'wb') as f:
            f.write(data)
        return True
    except Exception:
        # The original handler is not shown in the audit excerpt; returning
        # False is assumed here to match the function's bool contract.
        return False
Confidence
95% confidence
Finding
data = requests.get(url).content

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly requires sensitive capabilities: reading environment/config for API keys, reading and writing local files, and making network requests to MiniMax and documentation endpoints. However, the manifest only declares an env requirement and does not explicitly declare broader permissions, which creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can read local files, write outputs, and send user-provided media to third-party services. In this context the behavior appears aligned with the tool’s stated purpose, so this is not overtly malicious, but it is still a real security issue because undeclared capabilities reduce informed consent and increase the chance of unintended data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Voice cloning involves uploading user-provided audio, which may contain highly sensitive biometric voice data, to a third-party service along with account credentials, yet the implementation only prints operational messages and does not provide an explicit privacy/consent warning at the point of use. In a multimodal agent skill context, this is more dangerous because users may trigger the feature assuming local processing when their biometric data is actually transmitted externally.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This command sends user-supplied voice audio and optional prompt audio/text to a remote MiniMax API for voice cloning, but the CLI provides no explicit warning, consent prompt, or privacy notice at the point of use. Because voice samples are highly sensitive biometric and personal data, users may unknowingly transmit third-party or confidential audio off-host, creating privacy, compliance, and misuse risk.

VirusTotal

66/66 vendors flagged this skill as clean.