Skill v1.0.0

ClawScan security

MiniMax Media Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 11:07 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The plugin mostly matches its stated purpose (media generation) but contains clear inconsistencies — most notably a hardcoded MiniMax API key and absolute user paths in one helper script — which are unexpected and risky.
Guidance
Do not trust or run generate.sh as-is. It contains a hardcoded MiniMax API key and writes to /Users/rocky/Desktop — behavior that contradicts the manifest and SKILL.md. That embedded key could be someone else's credential (risking unexpected billing, misuse, or leakage). Recommended actions before installing/using:
1) Inspect and remove or disable generate.sh (or replace the hardcoded key and absolute paths with references to your own MINIMAX_API_KEY and MINIMAX_OUTPUT_DIR).
2) Prefer using the provided install.sh, which prompts you to input your own API key and writes it to ~/.openclaw/openclaw.json.
3) After running install.sh, verify the openclaw.json content and confirm only your key was added.
4) Search the package for any other hardcoded secrets or absolute paths.
5) If you or your environment ever ran generate.sh with the embedded key, assume that key is compromised: rotate/replace your own MiniMax API key and contact MiniMax if you need to investigate billing/usage.
6) Only enable this skill if you accept the risk of embedded secrets and have sanitized the code; otherwise decline or ask the publisher for a clean release that does not include hardcoded credentials.

Review Dimensions

Purpose & Capability (concern)
The name/description promise image/video/tts/music generation via MiniMax, and most scripts (install.sh, minimax.sh) only request the MiniMax API key and read/write the user's openclaw.json — that is coherent. However, generate.sh contains a long hardcoded API key and a hardcoded output path (/Users/rocky/Desktop), contradicting the manifest note '无硬编码' ("no hardcoded values") and the SKILL.md guidance to supply your own key; that extra embedded credential and user-specific path are not needed for the declared purpose.
Instruction Scope (concern)
SKILL.md and the scripts instruct only to add the API key to ~/.openclaw/openclaw.json and run minimax.sh; those steps are within scope. But generate.sh bypasses the declared configuration flow by embedding an API key and writing to an absolute desktop path. That script grants the package more direct network access with a baked-in credential and performs file writes outside the plugin's usual output dir, which goes beyond the documented runtime instructions.
Install Mechanism (ok)
There is no external install/download step (instruction-only plus local scripts). install.sh modifies ~/.openclaw/openclaw.json to store the user's API key — expected for a plugin. No remote arbitrary code downloads or obscure URLs were found.
Credentials (concern)
The plugin legitimately requires a MiniMax API key. But the registry metadata reported no required env vars, while manifest.json and SKILL.md do require MINIMAX_API_KEY — an inconsistency. More importantly, generate.sh contains a hardcoded API key (sk-cp-...) and uses a hardcoded output directory; this is disproportionate, leaks a credential, and may cause billing/account/traceability issues if that key is valid.
Persistence & Privilege (ok)
The skill does not request 'always: true' or other elevated privileges. install.sh writes only to the user's openclaw.json (its own configuration area), which is expected behavior for an OpenClaw plugin. There is no evidence it modifies other skills or system-wide settings beyond openclaw.json.