MiniMax GIF Sticker Maker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent sticker-making skill, but users should understand that photos and generated images may be sent to MiniMax for processing.

Install only if you are comfortable using MiniMax APIs for the selected photos and generated images. Avoid sensitive personal images or photos of other people without permission, and review any external helper scripts or requirements before running them because they were not included in this artifact.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill instructs the agent to send user photos to external MiniMax APIs but does not require any user-facing disclosure or consent before transfer. This creates a real privacy risk because users may provide sensitive personal images without understanding that third-party processing occurs outside the local environment.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The workflow explicitly preserves a person's facial likeness via `--subject-ref`, but the skill does not warn users that their identity and recognizable features may be used to generate stylized outputs. This increases biometric and identity-related privacy concerns, especially for photos of real people or third parties who may not have consented.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal