Minimax Usage

Security checks across malware telemetry and agentic risk

Overview

This skill transparently checks MiniMax API usage with a user-provided API key and does not show hidden or destructive behavior.

Install only if you are comfortable letting this local script use your MiniMax API key to query MiniMax usage. If you copy the cron or webhook example, confirm the destination is private and trusted because it can receive your usage balance details.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill documentation clearly indicates use of shell execution and network access (`bash`, `curl`) while the skill declares only runtime requirements and no explicit permissions. That mismatch can mislead operators and any policy layer about what the skill is capable of, reducing reviewability and increasing the chance that a network-capable script is run with more trust than intended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal