ClawHub
Back to skill
v1.0.0

MiniMax Vision

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:33 AM.

Analysis

The skill appears to do what it says—analyze user-sent images with MiniMax—but users should verify the local mcporter setup and understand images may be processed by the configured MCP service.

GuidanceBefore installing, confirm you trust the MiniMax MCP configuration and the local mcporter binary this skill will call. Avoid using it on sensitive images unless you are comfortable with those images being processed by the configured provider.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
minimax_vision.py
env["PATH"] = "/Users/js/.local/bin:" + env.get("PATH", "") ... cmd = ["mcporter", "call", "minimax.understand_image", "--args", ...]

The helper resolves and executes a local mcporter binary, preferring a hard-coded user-specific directory; this dependency is central to the stated purpose but its provenance should be checked.

User impactIf the helper is used, it may fail or use an unexpected local mcporter binary rather than a verified packaged dependency.
RecommendationInstall mcporter from a trusted source, verify which mcporter binary will run on PATH, and prefer a declared or pinned dependency instead of a hard-coded local path.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
当用户发送图片或让你分析图片时,自动调用: mcporter call minimax.understand_image --args '{"prompt": "你要求的描述", "image_source": "图片路径"}'

This shows that user image references are passed through an MCP call to MiniMax for image understanding; this is purpose-aligned, but images may contain private content.

User impactImages you upload for analysis may be processed by the configured MiniMax MCP/provider.
RecommendationUse it only with images you are comfortable processing through that provider, and review your MiniMax MCP privacy and account configuration.