Minimax Tts Cn

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised MiniMax text-to-speech workflow, but users should understand that it stores a shared local API token and sends text to MiniMax.

Install only if you trust the OpenClaw instance and its agents with one shared MiniMax API token. Avoid converting private or regulated text unless you are comfortable sending it to MiniMax, and delete server/.env or rotate the token if you no longer want local persistence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The documented trigger phrases are broad everyday terms like 'TTS', '生成语音', and '生成音频', which can overlap with normal user conversation and cause unintended activation of the skill. In this context, unintended activation could prompt for secrets such as an API token or initiate file-generation behavior the user did not explicitly request, creating confusion and possible data-handling risks.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The usage section states that saying a generic phrase like '文字转语音' will activate the workflow, but it does not define context boundaries or ambiguity handling. Because this is an interactive skill that can store shared credentials and generate/send files, accidental invocation is more dangerous than a purely informational skill.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The trigger phrases are broad enough to activate during ordinary conversation, which can cause unintended execution of a networked workflow that requests and stores secrets and sends user content to an external service. In this skill's context, accidental triggering is more dangerous because it may prompt for API tokens and process sensitive text without deliberate user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The workflow asks users for an API token and stores it locally in server/.env, but the user-facing interaction does not clearly disclose this persistence. That is a real security/privacy issue because users may provide a long-lived credential without understanding it will remain on disk for reuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal