MiniMax Frontend Dev

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate MiniMax frontend/media skill, but it needs review: its API scripts read their endpoint from the MINIMAX_API_BASE environment variable and, without validating it, send the MiniMax API key (as a Bearer token) and user prompts to whatever URL that variable names.

Install only if you are comfortable sending asset prompts, text, lyrics, and related content to MiniMax. Set MINIMAX_API_BASE only to an official HTTPS MiniMax endpoint, avoid confidential or regulated data in prompts, and do not print or paste API keys into terminals, logs, screenshots, or shared support threads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tainted flow: 'API_BASE' from os.getenv (line 23, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
    if seed is not None:
        payload["seed"] = seed

    resp = requests.post(
        f"{API_BASE}/image_generation",
        headers=_headers(),
        json=payload,
Confidence: 90%
Finding: resp = requests.post( f"{API_BASE}/image_generation", headers=_headers(), json=payload, timeout=120, )

Tainted flow: 'API_BASE' from os.getenv (line 24, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
    if lyrics_optimizer:
        payload["lyrics_optimizer"] = True

    resp = requests.post(
        f"{API_BASE}/music_generation",
        headers={
            "Authorization": f"Bearer {API_KEY}",
Confidence: 95%
Finding: resp = requests.post( f"{API_BASE}/music_generation", headers={ "Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json", },

Tainted flow: 'download_url' from requests.get (line 122, network input) → requests.get (network output)

Severity: Medium
Category: Data Flow
Content:
        raise SystemExit(f"No download_url in response: {json.dumps(data, indent=2)}")

    print(f"  Downloading from {download_url[:80]}...")
    video_resp = requests.get(download_url, timeout=300)
    video_resp.raise_for_status()

    os.makedirs(os.path.dirname(output_path) or ".", exist_ok=True)
Confidence: 91%
Finding: video_resp = requests.get(download_url, timeout=300)
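The three data-flow findings above flag one pattern: a URL that arrives from outside the code (MINIMAX_API_BASE from the environment, download_url from an API response) becomes a request target with no check in between. The following is an added example of the check the overview asks for, written by the editor and not taken from the skill; the hostnames in API_HOSTS and DOWNLOAD_HOSTS are placeholders that must be replaced with the endpoints MiniMax documents.

```python
"""Endpoint policy for a MiniMax-style API client.

Added example; this is not the skill's own code. It assumes the skill reads
its base URL from MINIMAX_API_BASE (as the findings show) and that the
operator substitutes the hostnames documented by MiniMax for the placeholder
allowlist entries below.
"""
import os
from urllib.parse import urlsplit, urlunsplit

# Placeholder allowlists: replace with the hosts from MiniMax's own documentation.
# An entry beginning with "." matches any subdomain of that domain.
API_HOSTS = ("api.minimax.example",)
DOWNLOAD_HOSTS = ("api.minimax.example", ".cdn.minimax.example")


class EndpointPolicyError(ValueError):
    """The URL would send the key or user content somewhere not allowed."""


def _host_allowed(host: str, allowed: tuple) -> bool:
    return any(host.endswith(e) if e.startswith(".") else host == e for e in allowed)


def _check_url(url: str, allowed: tuple, what: str) -> None:
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise EndpointPolicyError(f"{what}: scheme must be https, got {parts.scheme!r}")
    # "https://api.minimax.example@evil.example/" parses as a username, not as the host.
    if parts.username is not None or parts.password is not None:
        raise EndpointPolicyError(f"{what}: embedded credentials are not allowed")
    host = (parts.hostname or "").lower()
    if not _host_allowed(host, allowed):
        raise EndpointPolicyError(f"{what}: host {host!r} is not in the allowlist")


def validate_api_base(value: str, allowed: tuple = API_HOSTS) -> str:
    """Return a normalised base URL that may receive the Bearer token, or raise."""
    value = value.strip()
    _check_url(value, allowed, "MINIMAX_API_BASE")
    parts = urlsplit(value)
    if parts.query or parts.fragment:
        raise EndpointPolicyError("MINIMAX_API_BASE: query string or fragment not allowed")
    # Lower-case the host, keep any port, drop a trailing slash so f"{base}/path" is clean.
    return urlunsplit(("https", parts.netloc.lower(), parts.path.rstrip("/"), "", ""))


def validate_download_url(url: str, allowed: tuple = DOWNLOAD_HOSTS) -> str:
    """Check a download_url taken from an API response before fetching it."""
    url = url.strip()
    _check_url(url, allowed, "download_url")
    return url


def is_allowed(url: str, allowed: tuple) -> bool:
    """Boolean form of the checks above, for tests and for log-only auditing."""
    try:
        _check_url(url, allowed, "url")
    except EndpointPolicyError:
        return False
    return True


def api_base_from_env(default: str = "https://api.minimax.example") -> str:
    """Read MINIMAX_API_BASE the way the skill does, but refuse unsafe values."""
    return validate_api_base(os.getenv("MINIMAX_API_BASE", default))


if __name__ == "__main__":
    for candidate in (
        "https://API.minimax.example/v1/",
        "http://api.minimax.example",
        "https://api.minimax.example@evil.example/",
        "https://api.minimax.example.evil.example/",
    ):
        print(candidate, "->", "allowed" if is_allowed(candidate, API_HOSTS) else "refused")
```

Two caveats when wiring this into the skill's scripts. Only the API_BASE requests carry the Authorization header, so that allowlist is the one protecting the key; the download_url check protects against the fetch being pointed at an arbitrary (including internal) host. And `requests.get` follows redirects by default, so the download check covers only the first hop unless you pass `allow_redirects=False` and re-validate each `Location` yourself; capping the body size is also sensible since the response is written to disk.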

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill clearly expects access to environment variables, local files, and outbound network calls through the MiniMax scripts, yet no explicit permissions are declared. This creates a transparency and policy-enforcement gap: a host or reviewer may authorize the skill based on incomplete capability disclosure, allowing it to read secrets like MINIMAX_API_KEY, access project files, and transmit data externally without clear user awareness.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The description frames the skill primarily as frontend/page-building, but the body includes standalone TTS, music, image, and video generation workflows backed by an external API. That mismatch can mislead operators into invoking or approving the skill for seemingly local frontend work when it may actually send prompts/content to third-party services and generate non-UI media artifacts.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding: The documentation tells users to paste a live API key directly into an export command, which can expose the credential through shell history, terminal scrollback, shared session logs, or screenshots. While this is common setup guidance and not overtly malicious, it still encourages unsafe secret-handling practices that can lead to credential leakage.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The reference documents multiple workflows that send prompts, lyrics, and other potentially sensitive user-supplied content to an external third-party API, but it does not warn users about that data transfer. In a frontend/media-generation skill, users may paste proprietary marketing content, customer data, or unpublished assets, so the omission can lead to unintended data disclosure or compliance issues.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The troubleshooting guide tells users to verify the environment variable with `echo $MINIMAX_API_KEY`, which prints the full secret to the terminal and potentially into shell history, screen recordings, logs, shared terminals, or support screenshots. In a frontend/media-generation skill that relies on external APIs, exposing credentials is a real operational security risk even if the documentation is otherwise legitimate.
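Two of the warnings above concern the same habit: pasting the key into an `export` command and confirming it with `echo $MINIMAX_API_KEY`. The following is an added example, not part of the skill, of how a script can confirm the key is present, load it, and log a request without ever emitting the secret. The MINIMAX_API_KEY_FILE variable and the 0600 key-file convention are this example's own assumptions, not a documented MiniMax feature.

```python
"""Verify and handle MINIMAX_API_KEY without ever printing it.

Added example; not part of the skill. The masking format and the
MINIMAX_API_KEY_FILE convention (a 0600 file holding only the key) are this
example's own choices, not documented MiniMax behaviour.
"""
import os
import stat
import tempfile


def mask(value: str, keep: int = 4) -> str:
    """Replace a secret with a stub that still identifies which key it was."""
    if not value:
        return "<empty>"
    if len(value) <= 2 * keep:
        return "****"
    return "****" + value[-keep:]


def describe_secret(value: str) -> str:
    """One line that is safe to paste into a ticket, unlike `echo $MINIMAX_API_KEY`."""
    if not value:
        return "unset"
    return f"set, {len(value)} chars, {mask(value)}"


def headers_for_log(headers: dict) -> dict:
    """Copy of request headers with the bearer token masked, for debug output."""
    out = dict(headers)
    auth = out.get("Authorization")
    if auth:
        scheme, _, token = auth.partition(" ")
        out["Authorization"] = f"{scheme} {mask(token)}"
    return out


def key_from_env_or_file(env=None) -> str:
    """Prefer a key file: the secret then never appears on a command line or in shell history."""
    env = os.environ if env is None else env
    path = env.get("MINIMAX_API_KEY_FILE")
    if path:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} is group/other accessible (mode {mode:o}); chmod 600 it")
        with open(path, encoding="utf-8") as fh:
            key = fh.read().strip()
    else:
        key = env.get("MINIMAX_API_KEY", "").strip()
    if not key:
        raise RuntimeError("no API key: set MINIMAX_API_KEY_FILE (preferred) or MINIMAX_API_KEY")
    return key


def demo_key_file() -> tuple:
    """Constructed demo: a 0600 key file is accepted, the same file at 0644 is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "minimax.key")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("sk-example-not-a-real-key\n")  # constructed value, not a real key
        os.chmod(path, 0o600)
        env = {"MINIMAX_API_KEY_FILE": path}
        accepted = key_from_env_or_file(env)
        os.chmod(path, 0o644)
        try:
            key_from_env_or_file(env)
            refused = False
        except PermissionError:
            refused = True
    return accepted, refused


if __name__ == "__main__":
    print("MINIMAX_API_KEY:", describe_secret(os.environ.get("MINIMAX_API_KEY", "")))
    print(demo_key_file())
```

For the troubleshooting step itself, `[ -n "$MINIMAX_API_KEY" ] && echo set || echo unset` answers the question the guide is asking without printing the value; `describe_secret` is the equivalent inside the Python scripts, and `headers_for_log` is what to pass to any debug logging of the request the findings above quote.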

VirusTotal

No VirusTotal findings