Minimax Web Search

The skill contains a hardcoded, plaintext API key (MINIMAX_API_KEY) within both scripts/mmsearch.py and scripts/mmvision.py, which is a significant security vulnerability. While the scripts appear to perform their stated functions of web search and image analysis using the MiniMax MCP server, the use of 'uvx' to dynamically fetch and execute a remote package at runtime poses a potential supply chain risk.