MiniMax MCP Call

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but its setup and wrapper handle credentials too broadly and use risky installer commands, so it should be reviewed before installation.

Install only if you are comfortable reviewing the setup commands first. Prefer installing uv through a trusted package manager or verified installer, store the MiniMax API key with restrictive permissions, and avoid putting unrelated secrets in ~/.openclaw/.env because this wrapper may pass them into its child process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README instructs users to execute remotely fetched installer scripts directly with a shell on both Unix and Windows, without any warning, integrity verification, or review step. This creates a supply-chain risk: if the remote host, network path, or script is compromised, arbitrary code will run immediately on the user's system.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions direct users to append API credentials into a local plaintext environment file without warning about the storage risk. If that file is readable by other local users, included in backups, or accidentally exposed, the MiniMax API key could be stolen and abused for unauthorized API access and billing impact.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script automatically reads a credential file from the user's home directory and exports all variables into the process environment without any explicit disclosure, consent prompt, or validation. In a skill context, this can silently consume sensitive secrets and pass them to downstream tooling, increasing the risk of unintended credential exposure or use beyond the user's awareness.

Credential Access

High
Category
Privilege Escalation
Content
```bash
#!/bin/bash
# Easy wrapper for MiniMax MCP web search

# Load env from ~/.openclaw/.env
if [ -f "$HOME/.openclaw/.env" ]; then
    export $(cat $HOME/.openclaw/.env | xargs)
fi
```
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
```bash
# Easy wrapper for MiniMax MCP web search

# Load env from ~/.openclaw/.env
if [ -f "$HOME/.openclaw/.env" ]; then
    export $(cat $HOME/.openclaw/.env | xargs)
fi
```
Confidence
98% confidence
Finding
.env"

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# macOS / Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
```
Confidence
96% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# macOS / Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
```
Confidence
98% confidence
Finding
| sh

VirusTotal

65/65 vendors flagged this skill as clean.
