Security audit

MiniMax Provider Configuration

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MiniMax provider setup guide for OpenClaw, with expected configuration edits and API testing but no hidden execution or exfiltration behavior.

Before installing, review the proposed ~/.openclaw/openclaw.json changes, keep a backup, use a dedicated MiniMax API key where possible, avoid sharing keys in chats or logs, and confirm MiniMax billing and privacy terms are acceptable for any prompts routed through this provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are broad enough that the skill may auto-activate in contexts where the user is only discussing MiniMax generally, not explicitly requesting configuration changes. Because this skill contains commands and configuration guidance that alter provider settings and encourage network calls, unintended invocation increases the chance of accidental reconfiguration or secret-handling actions.

VirusTotal

66/66 vendors flagged this skill as clean.