Back to skill

Security audit

Minimax Use

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward MiniMax API wrapper, but anything you ask it to search, translate, chat about, or analyze as an image is sent to the configured MiniMax endpoint using your API key.

Install only if you are comfortable sending selected text, chat history, search queries, and image contents to MiniMax or the endpoint set in MINIMAX_API_HOST. Use a dedicated API key with spending limits if possible, avoid sensitive or regulated data, and do not set MINIMAX_API_HOST to a host you do not control and trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tainted flow: 'url' from os.environ.get (line 236, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
payload = {"q": query}

    try:
        response = requests.post(url, headers=headers, json=payload, timeout=30)
        response.raise_for_status()
        data = response.json()
Confidence
97% confidence
Finding
response = requests.post(url, headers=headers, json=payload, timeout=30)

Tainted flow: 'url' from os.environ.get (line 236, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
}

    try:
        response = requests.post(url, headers=headers, json=payload, timeout=60)
        response.raise_for_status()
        data = response.json()
Confidence
98% confidence
Finding
response = requests.post(url, headers=headers, json=payload, timeout=60)

Tainted flow: 'url' from os.environ.get (line 236, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
payload["system"] = system

    try:
        response = requests.post(url, headers=headers, json=payload, timeout=120)
        response.raise_for_status()
        data = response.json()
Confidence
97% confidence
Finding
response = requests.post(url, headers=headers, json=payload, timeout=120)

Tainted flow: 'url' from os.environ.get (line 236, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
payload["system"] = system

    try:
        response = requests.post(url, headers=headers, json=payload, timeout=120, stream=True)
        response.raise_for_status()

        full_content = ""
Confidence
97% confidence
Finding
response = requests.post(url, headers=headers, json=payload, timeout=120, stream=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares required environment variables and clearly relies on outbound API calls, but the documentation does not declare corresponding permissions despite having env and network capabilities. This mismatch can mislead users and security controls about what the skill can access and where data may be sent, reducing informed consent and weakening policy enforcement.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to send prompts, chat history, images, web-search queries, and translation text to a third-party MiniMax service without any privacy notice, data-handling warning, or guidance on sensitive content. In practice, users may unknowingly transmit secrets, personal data, proprietary files, or internal context to an external provider.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API reference documents functions that send user-controlled inputs such as search queries, prompts, image sources, chat messages, and history to MiniMax endpoints, but it does not warn users that this data leaves the local environment and is transmitted to a third-party service. This omission can lead to accidental disclosure of sensitive data, especially because image paths/URLs and conversation history may contain secrets, internal file references, or private content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
When given a local path, the function reads the entire file, base64-encodes it, and sends it to a remote API, but there is no explicit disclosure or confirmation at the point of use. In an agent skill, users may assume local analysis, so this can cause unintended transmission of sensitive local files.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The chat command sends user messages, optional system prompts, and conversation history to a remote API without prominent disclosure in the interface or command behavior. In a tool/agent context, this increases the risk of users or upstream agents passing secrets, internal prompts, or sensitive context to an external service unintentionally.

External Transmission

Medium
Category
Data Exfiltration
Content
Optionally, you can customize the API endpoint:

```bash
export MINIMAX_API_HOST="https://api.minimaxi.com/anthropic"
```

## CLI Commands
Confidence
83% confidence
Finding
https://api.minimaxi.com/

VirusTotal

46/46 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.