Minimax Web Search
ReviewAudited by ClawScan on May 18, 2026.
Overview
Review recommended: the skill matches its web search and image-analysis purpose, but it embeds a MiniMax API key and runs an unpinned external MCP package at runtime.
Before installing, verify that you trust the embedded MiniMax credential arrangement and the external `minimax-coding-plan-mcp` package. Prefer a version-pinned package and your own declared API key, and avoid sending sensitive images or queries unless you are comfortable with MiniMax processing them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches and image-analysis requests may run under a shared or publisher-owned MiniMax credential, which could be revoked, misused, rate-limited, or carry permissions the user cannot inspect.
The script embeds and exports a MiniMax API key directly in source code, despite the registry declaring no primary credential or required environment variable. This makes whose account is being used and what privileges are granted unclear.
os.environ["MINIMAX_API_KEY"] = "sk-cp-..."
Remove the hardcoded key and require users to provide their own scoped MiniMax API key through a declared environment variable or credential mechanism.
Installing or invoking the skill may execute remote package code whose exact version and provenance are not locked by the skill artifacts.
The skill starts an external MCP package through `uvx` at runtime without a version pin or install specification. The `-y` flag also suggests non-interactive acceptance, so package changes could alter behavior without review.
subprocess.Popen(["uvx", "minimax-coding-plan-mcp", "-y"], ...)
Pin the MCP package version, declare `uvx` as a required binary or provide an install spec, and document the package source and update behavior.
If a user analyzes private images or sensitive queries, that content may leave the local machine for MiniMax processing.
The vision feature accepts local image paths or URLs and uses MiniMax Coding Plan MCP for image understanding, so prompts and selected image content may be processed by an external provider.
python3 scripts/mmvision.py "<提示词>" "<图片路径或URL>"
Only use the skill with images and queries you are comfortable sending to MiniMax, and document the provider data flow and retention expectations.