MiniMax Vision Analysis

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent MiniMax image-analysis skill, but using it may configure an external MCP tool and send selected images to MiniMax for processing.

Install this only if you are comfortable configuring the MiniMax MCP server and sending chosen images to MiniMax for analysis. Review the MCP package before setup, protect your API key, and avoid analyzing confidential screenshots or documents unless the provider's privacy terms are acceptable.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If you mention an image file or URL, the agent may try to analyze it with MiniMax.

Why it was flagged

The instructions allow tool invocation based on a broad filename or URL pattern. This is disclosed and aligned with image analysis, but the agent could analyze an image when the user merely mentions a matching path.

Skill content
The skill triggers automatically when a message contains an image file path or URL with extensions... Extract the image path from the message... Use the `MiniMax_understand_image` tool
Recommendation

Use the skill only with images you intend to analyze, and ask the agent to confirm before processing sensitive files.

ASI03: Identity and Privilege Abuse
Low
What this means

The configured MCP server can use your MiniMax account quota and permissions.

Why it was flagged

The skill requires a MiniMax account API key for the stated provider integration. The artifacts do not show credential logging, hardcoding, or unrelated use.

Skill content
MiniMax Token Plan subscription with valid `MINIMAX_API_KEY`
Recommendation

Use a dedicated MiniMax key if possible, keep it out of shared files, and rotate it if exposed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the MCP server runs code from an external package source.

Why it was flagged

The setup depends on an external, unpinned MCP package that was not included in the scanned artifacts. This is a normal integration pattern here, but the package code is outside this review.

Skill content
"command": ["uvx", "minimax-coding-plan-mcp", "-y"]
Recommendation

Verify the MiniMax MCP package and documentation before installing, and prefer pinned versions where supported.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Private screenshots, documents, or photos may be sent to MiniMax when analyzed.

Why it was flagged

The skill can pass local image files through the MiniMax MCP/provider boundary. This is expected for image analysis, but it means image contents may leave the local environment.

Skill content
Local file paths work if MiniMax MCP is configured with file access
Recommendation

Avoid using the skill on confidential images unless MiniMax's terms, retention, and privacy controls are acceptable.