minimax-mcp-docker edition (adapted for 极空间)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform MiniMax image understanding and web search, but it needs review because it tells the agent to collect and store an API key and automatically send user content to an external service.

Review before installing. Use a dedicated MiniMax key with limited exposure, configure it yourself rather than pasting it into chat, verify the external npm package, and avoid sending sensitive images or private search terms unless you are comfortable with MiniMax processing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill explicitly instructs the agent to request a user's API key via chat and then write it into a local credential file. Collecting secrets conversationally and persisting them on disk expands the attack surface, bypasses safer secret-entry flows, and is not necessary for ordinary image/search handling by the agent itself.

Intent-Code Divergence

Medium
Confidence: 86%
Finding
The document claims the API key is 'not in code', but later includes logic and dialogue that read, pass, and even write the key. This inconsistency can mislead reviewers and users about how secrets are handled, reducing scrutiny around secret exposure and storage behavior.

Missing User Warnings

High
Confidence: 95%
Finding
The skill advertises automatic image understanding and web search without clearly warning that user images and queries are sent to an external service. This can cause unintentional disclosure of sensitive content, especially for images or prompts containing personal, confidential, or regulated data.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill encourages creating a local credential file from a user-provided API key without a strong warning about secret-handling risks. This normalizes unsafe secret collection in chat and persistence to disk, which can lead to credential leakage or misuse by other local processes and future sessions.

Missing User Warnings

Medium
Confidence: 86%
Finding
`understand_image()` sends a user-supplied file path to an external MCP service, which can result in image contents being transmitted off-host without an explicit warning, consent flow, or data-classification check. In an agent skill context, this creates a real privacy and data-exfiltration risk because users may provide sensitive local files assuming they are processed only locally.

Missing User Warnings

Low
Confidence: 80%
Finding
`search_web()` forwards user queries to an external service without any explicit notice. While web search inherently implies network transmission, the absence of disclosure can still expose sensitive prompts, internal terms, or personal data if this skill is invoked automatically by an agent.

Ssd 3

High
Confidence: 99%
Finding
The skill instructs the agent to solicit the user's API key in chat and then write it to a local credential file. This is dangerous because conversational channels are not appropriate for secret collection, may be logged or retained, and the agent is being granted a secret-management role unrelated to its core purpose.

VirusTotal

63/63 vendors flagged this skill as clean.