MiniMax PDF OCR

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This OCR skill largely matches its purpose, but it needs review because it runs a shell command with user-controlled file paths and sends document pages to MiniMax.

Review before installing. If you use it, only process documents you are comfortable sending to MiniMax, set a dedicated API key, and avoid running it on files or paths from untrusted sources until the shell execution is fixed.

Static analysis

Dangerous exec

Severity: Critical
Finding: Shell command execution detected (child_process).

Env credential access

Severity: Critical
Finding: Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or unexpected file path could cause local commands to run under the user's account.

Why it was flagged

The script takes a user-provided PDF path and uses it in a command launched through a shell. The pdftoppm conversion itself is expected, but launching it through a shell with an unsanitized path allows command injection when the path contains shell metacharacters.

Skill content
const pdfPath = args[0]; ... const proc = spawn('pdftoppm', [ ... pdfPath, path.join(imageDir, 'page') ], { shell: true });
Recommendation

Remove shell: true so that pdftoppm receives the path as a plain element of the argument array rather than through shell interpretation, or strictly validate and escape all paths before execution.

What this means

Using the skill consumes MiniMax account access and may incur usage costs according to the user's API account.

Why it was flagged

The skill uses a MiniMax API key from the environment to authenticate requests. This is expected for the stated MiniMax OCR purpose, but it is a real account credential.

Skill content
if (process.env.MINIMAX_API_KEY) { return process.env.MINIMAX_API_KEY; } ... 'Authorization': `Bearer ${apiKey}`
Recommendation

Use a dedicated MiniMax API key with the least privileges available, and revoke it if it is no longer needed.

What this means

Private or sensitive PDF contents may be transmitted to MiniMax for processing.

Why it was flagged

Each converted PDF page is read locally, base64-encoded, and sent to the MiniMax API for OCR. This matches the stated purpose, but it means document contents leave the local machine.

Skill content
const imageData = fs.readFileSync(imagePath); ... fetch('https://api.minimax.chat/v1/text/chatcompletion_v2', { ... image_url: { url: `data:image/png;base64,${base64Image}` } })
Recommendation

Only use this skill with documents you are allowed to send to MiniMax, and review MiniMax's data handling terms for sensitive material.

What this means

Users may install unnecessary or unpinned dependencies and may not realize poppler is required until runtime.

Why it was flagged

The documentation asks users to install external packages and poppler manually, while the package.json dependency list is empty and the registry metadata declares no required binaries. This is a manual setup/provenance gap rather than hidden automatic installation.

Skill content
npm install openai pdf2image ... brew install poppler
Recommendation

Declare required binaries and environment variables in metadata, remove unused package install instructions, and pin any required dependencies.