minimax-tools
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do its stated MiniMax image-understanding and web-search tasks, but users should notice that it installs and runs external MiniMax tooling and uses a MiniMax API key.
Before installing, confirm you trust the MiniMax MCP package and the uv installer, and understand that the skill needs a MiniMax API key. Keep the key private, limit access to the config file, and run the commands only if you are comfortable sending search queries, image URLs, or selected local images to MiniMax for processing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require running third-party installer/package code that can change the local environment.
The setup instructions install external tooling and an unpinned MCP package. This is purpose-aligned for using MiniMax MCP, but users are trusting code from outside the supplied artifacts.
curl -LsSf https://astral.sh/uv/install.sh | sh ... uvx install minimax-coding-plan-mcp
Verify the uv installer and minimax-coding-plan-mcp package source/version before installing, and prefer pinned or reviewed versions where possible.
When used, the skill runs the MiniMax MCP package locally and sends it the requested search or image task.
The script launches an external MCP command at runtime. This is central to the skill's stated design, but it means the external command will execute with the user's environment.
proc = subprocess.Popen(
['uvx', 'minimax-coding-plan-mcp'],Use the skill only after installing the intended MCP package from a trusted source and avoid running it in environments with unnecessary sensitive environment variables.
Anyone or any process that can read the configured key may be able to use the user's MiniMax account quota or billing.
The script reads a MiniMax API key from the environment or a local OpenClaw config file. This is disclosed and expected for MiniMax API access, but it is a credential that should be protected.
api_key = os.environ.get('MINIMAX_API_KEY')
...
config_path = os.path.expanduser('~/.openclaw/config/minimax.json')Store the API key securely, restrict file permissions on ~/.openclaw/config/minimax.json, and rotate the key if it may have been exposed.