MiniMax MCP Search

Pass. Audited by VirusTotal on May 15, 2026.

Findings (1)

The `search.py` script is highly vulnerable to shell injection. It uses `subprocess.run` with `shell=True` and directly interpolates user-controlled inputs (`query`, `prompt`, `image_path`) into the shell command strings without proper sanitization. This allows an attacker to execute arbitrary commands on the host system by crafting malicious input for the `web_search` and `understand_image` functions, posing a severe remote code execution risk.