Ffagen Minimax Vision Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill performs its stated screenshot-based scraping task, but it uploads page screenshots to MiniMax and ships with a bundled API key, so users should review it carefully before use.

Install only if you are comfortable with captured webpage screenshots and prompts being sent to MiniMax. Remove the bundled API key and require your own credential, use it only on pages you are authorized to automate, and avoid logged-in, internal, personal, or confidential sites unless you have reviewed the provider's data handling and run it in an isolated environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill documentation indicates use of environment variables such as MINIMAX_API_KEY, but the skill has no declared permissions for environment access. Undeclared env access is dangerous because it weakens user visibility into what sensitive data the skill may read and use at runtime. In this context, the risk is elevated because the skill also performs external API calls and screenshot-based scraping, so secrets from the environment could be combined with outbound network activity.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
This is a real security and transparency issue: the documented behavior omits materially sensitive actions, including use of a hardcoded API key, external transmission to MiniMax, and temporary storage of screenshots on disk. Hardcoded credentials are especially dangerous because they can be abused if exposed, and undisclosed outbound transfer of screenshots can leak sensitive page content, session data, or user-entered information. The skill context makes this more dangerous because it explicitly targets anti-bot bypass and captures rendered pages, which may include private or access-controlled data.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script hardcodes a live MiniMax API key as a fallback and immediately uses it for outbound requests. This exposes a credential to anyone with file access, enables unauthorized third-party API consumption, and creates an unbounded external capability that persists even when the operator did not supply their own key.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation states that MINIMAX_API_KEY is an environment dependency, but the implementation silently falls back to an embedded secret. That mismatch is dangerous because users may believe no credentialed external access exists unless they explicitly configure one, while the skill actually ships with built-in privileged access.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill does not clearly warn users that webpage screenshots and prompts are sent to an external MiniMax VLM API, creating a meaningful data exfiltration risk. Screenshots can contain sensitive information not obvious from the URL alone, including account data, private messages, tokens visible in the UI, or confidential business content. Because this skill is designed to capture fully rendered pages and send them for AI analysis, the context substantially increases the sensitivity of the omitted disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code reads the screenshot file, base64-encodes it, and sends the full image to an external API for analysis without an explicit user-facing warning or consent step. Screenshots can contain sensitive page content, session data, personal information, or proprietary business data, so silent transmission meaningfully increases privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.
