ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

minimax-mcp

v1.0.0

Provides MiniMax Token Plan web search and image understanding with fallback to Brave Search/Qwen Chat, using environment-injected API keys and no C drive us...

0· 57·0 current·0 all-time
by@godiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's code and SKILL.md match the stated purpose: it launches a local Python minimax MCP server (via `-m minimax_mcp.server`) and exposes web_search and understand_image tool calls. However the public registry metadata claims no required env vars while both SKILL.md and the script require MINIMAX_API_KEY (and optionally MINIMAX_PYTHON / MINIMAX_API_HOST). That mismatch between metadata and the actual requirements is an inconsistency users should be aware of.
!
Instruction Scope
SKILL.md instructs creating a venv on E: and installing minimax-coding-plan-mcp and describes automated fallback behavior to Brave Search / Qwen Chat. The shipped JavaScript implements only calls to the MCP server (search, image, tools) and does not implement any automatic fallback logic or the 'enabled' toggle behavior described in the docs. The docs therefore overstate automation. The runtime instructions do not request unrelated system files, but they do assume the user will install a Python package and provide environment variables.
Install Mechanism
This is an instruction-only skill with no installer spec. The SKILL.md asks the user to pip-install minimax-coding-plan-mcp into a venv; there are no bundled downloads or obscure URLs. Risk from install mechanism is low, but you should audit the referenced Python package before installing.
!
Credentials
Functionality legitimately requires MINIMAX_API_KEY and optionally a Python path/host. Those are proportionate to the stated purpose. However: (1) the skill's registry metadata does not declare MINIMAX_API_KEY, creating an information gap; and (2) the script starts a Python subprocess and passes {...process.env, MINIMAX_API_KEY, ...}, i.e., it forwards the entire current environment to the subprocess. That means any other environment secrets present in the agent process become accessible to the spawned Python process and anything that package might send over the network — a potential secret-exfiltration/privacy risk.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills or global agent settings, and has no install-time mechanism that writes to system-wide configs. It only runs a subprocess when invoked, which is expected for this function.
What to consider before installing
What to check before installing: - The script requires MINIMAX_API_KEY (and optionally MINIMAX_PYTHON/MINIMAX_API_HOST) even though the registry metadata lists none — add only the key you intend to use and confirm the registry is updated. - The Node script launches a local Python module and forwards the entire process environment to that subprocess. If your agent/process environment contains other secrets (other API keys, tokens), those could be visible to the Python code or the remote API it calls. Prefer running this skill with a dedicated, minimal environment (no other secrets), or inspect/contain the Python package before use. - SKILL.md asserts automatic fallback behavior and zero C: usage; the JavaScript does not implement automatic fallback — fallback appears to be manual (toggle `enabled`). Do not rely on the docs for automation guarantees. - Audit the pip package minimax-coding-plan-mcp (version referenced in docs) before installing, and install Python from a trusted source. - If you are uncomfortable with a spawned subprocess inheriting all env vars, do not install or run this skill until the author/maintainer clarifies that only necessary env vars are passed. If you want, I can: list the exact lines that forward the full environment, propose a safer wrapper that only forwards MINIMAX_API_KEY, or draft a checklist to safely sandbox this skill.
scripts/minimax_mcp.js:38
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b9zf6t7j5kgc3sgz0c6507d83gq55

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments