mmMusicMaker
Pass
Audited by ClawScan on May 1, 2026.
Overview
This looks like a normal MiniMax music-generation helper, but users should notice that it uses a MiniMax API key, sends lyrics/prompts to MiniMax, and writes an output file.
Before installing, confirm you trust the skill source, use a MiniMax API key with appropriate limits, avoid submitting private lyrics or prompts unless you accept sending them to MiniMax, and choose a safe output path for generated audio.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your lyrics, style prompts, and related generation settings are sent to MiniMax to create the audio.
The script sends the generated payload, including user lyrics and prompts, to the MiniMax music API. This is central to the skill's purpose, but users should know their input leaves the local environment and may consume provider quota.
API_URL = "https://api.minimaxi.com/v1/music_generation" ... resp = requests.post(API_URL, json=payload, headers=headers, timeout=120)
Use the skill only for content you are comfortable sending to MiniMax, and review provider terms, privacy, and quota/cost implications.
Anyone using this skill with your environment can make MiniMax API calls under that key's permissions and quota.
The script requires a MiniMax API key and sends it as a bearer token to the fixed MiniMax endpoint. This is expected for the integration, but it is still account-backed authority.
api_key = os.getenv("MINIMAX_MUSIC_API_KEY") ... "Authorization": f"Bearer {api_key}"
Use a dedicated or limited MiniMax key if available, avoid sharing the key in prompts or files, and revoke or rotate it if you no longer trust the environment.
You have less external context for who maintains the skill or where to verify updates.
The registry metadata does not provide an upstream source or homepage for provenance verification. The included code is simple and purpose-aligned, so this is a provenance note rather than a concern.
Source: unknown; Homepage: none
Review the included scripts before use and install dependencies only from trusted package sources.
