国内Minimax Coding Plan订阅计划用量查询
Security checks across malware telemetry and agentic risk
Overview
The skill does what it says, but its script reads and executes a parent `.env` file instead of the documented local one, which can expose or run more than the user expects.
Review before installing. Only run this if you understand which `.env` file will be sourced, ensure that file contains only the intended MiniMax variables, and preferably change the script to read a same-directory `.env` or environment variables without shell-sourcing arbitrary parent-file content.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.