minimax-websearch

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed MiniMax web-search wrapper, with normal third-party search and API-key risks but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending search queries to MiniMax or fallback providers and running the minimax-coding-plan-mcp Python package locally. Do not search for secrets, credentials, regulated data, or confidential business information. Prefer setting MINIMAX_API_KEY through OpenClaw environment variables rather than config files, pin and verify the Python package version, and keep MINIMAX_PYTHON set to a trusted interpreter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documentation describes use of MiniMax, Brave Search, and Qwen Chat, but it does not clearly warn users that their search queries and related metadata will be transmitted to third-party services. In a search skill, queries may contain sensitive business, personal, or investigative information, so lack of explicit disclosure can lead to unintentional data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal