MiniMax Media Generator

Security checks across malware telemetry and agentic risk

Overview

This MiniMax media skill mostly matches its stated purpose, but it ships an extra script with a hardcoded API key and weak credential handling that users should review before installing.

Review before installing. Do not run generate.sh as shipped; use only a version with the embedded MiniMax API key removed and rotated. If you install the skill, use a dedicated MiniMax API key, protect ~/.openclaw/openclaw.json as a sensitive file, and avoid sending confidential prompts or media text to MiniMax.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill metadata declares no explicit permissions, yet the documentation clearly indicates shell execution and local file writes via install and runtime scripts. This is a real security issue because users and the hosting framework may not have accurate visibility into the skill's capabilities, which weakens consent, sandboxing, and policy enforcement.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
The documented behavior goes beyond simple media generation: it modifies local configuration, persists user API keys, and writes generated files to disk. The stated mismatch is especially concerning because the finding mentions a hardcoded MiniMax API key in code; if true in the implementation, that introduces credential exposure and possible unauthorized third-party use far outside the declared purpose.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding:
The script reads a MiniMax API key directly from the broader ~/.openclaw/openclaw.json file and exports it for subsequent network requests. Even if intended for convenience, this expands the skill's access to credentials beyond explicit user input and creates an implicit secret-access behavior that users may not expect from a media-generation plugin.

Missing User Warnings

Medium
Confidence: 85%
Finding:
The README instructs users to enter an API key and states it will be automatically saved to `openclaw.json`, but it does not warn about secure storage, file permissions, or the sensitivity of credentials at rest. This can lead to accidental exposure of the MiniMax API key through weak filesystem permissions, backups, screenshots, or source control if users mishandle the config file.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The documentation states that the installer will collect and automatically write the user's MiniMax API key into a local configuration file, but it provides no warning about credential persistence or file protection. This can lead users to store secrets insecurely without understanding local compromise risks, backup leakage, or accidental exposure through file sharing and logs.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The skill documentation indicates that prompts, media-related inputs, and authentication material are used to call a third-party MiniMax service, but it does not warn users that their data will leave the local environment. In a media-generation plugin, external transmission is expected, but the absence of privacy and data-handling disclosure still creates a meaningful transparency and compliance risk.

Missing User Warnings

High
Confidence: 99%
Finding:
A live API credential is hardcoded directly in the script, which exposes it to anyone who can read, copy, or publish the skill. This can enable unauthorized API usage, billing abuse, and compromise of the associated account or downstream data processed by the service.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The script sends user-supplied prompts to a third-party API without any disclosure, consent, or warning to the user. This creates a privacy and data-handling risk because users may unknowingly transmit sensitive or proprietary text off-device to an external provider.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The installer prompts for a sensitive API key and writes it directly into ~/.openclaw/openclaw.json in plaintext without warning the user about storage behavior or file sensitivity. This increases the risk of credential exposure through local file disclosure, backups, shell support incidents, or overly permissive filesystem permissions.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The script silently loads and exports an API key from a local config file without an explicit notice or consent step. This is risky because users may invoke the skill expecting media generation only, while the skill also performs credential discovery and exposes the secret to child processes via the environment.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill sends user prompts and text to remote MiniMax endpoints, but there is no explicit privacy or data-transmission warning at the point of collection. In this context, the submitted text may contain sensitive or proprietary content, and the skill's interactive design makes silent exfiltration to a third party more concerning.

VirusTotal

67/67 vendors flagged this skill as clean.
