MiniMax MCP Call
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: minimax-mcp-call Version: 1.0.0 The skill is classified as suspicious primarily due to the installation instructions in `SKILL.md` and `README.md` that use `curl -LsSf https://astral.sh/uv/install.sh | sh` (and a PowerShell equivalent). This method of remote script execution (`curl | sh`) introduces a significant supply chain risk and potential Remote Code Execution (RCE) vulnerability, as it relies on the integrity of the `astral.sh` domain and script. While `uv` is a legitimate tool, this installation practice is inherently risky. The core logic in `scripts/mcp_search.sh` and `scripts/mcp_client.mjs` appears robust against command injection, passing user inputs as data within JSON-RPC calls rather than directly executing them.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the external MCP package changes or is compromised, it could run local code under the user's environment when the skill is invoked.
At runtime the skill executes an external package that is not included in the manifest and is not version-pinned in the artifacts.
mcpProcess = spawn("uvx", ["minimax-coding-plan-mcp", "-y"], {Pin the package/version, document the package source, use a reviewed local dependency or lockfile, and require clear user approval before first execution.
Other API keys or secrets present in the OpenClaw environment could be made available to code that only needs the MiniMax API key.
The spawned MCP process receives the full process environment, not only the MiniMax variables. The wrapper also loads ~/.openclaw/.env, so unrelated credentials in that file may be exposed to the external MCP server process.
env: { ...process.env, MINIMAX_API_KEY: API_KEY, MINIMAX_API_HOST: API_HOST }Pass only the specific MiniMax variables needed by the MCP server, avoid exporting the entire .env file, and declare the credential requirements in metadata.
Users may underestimate the setup and credential exposure if they rely only on the registry metadata.
The registry metadata says no credential is required, while SKILL.md says the skill requires a MiniMax Coding Plan API key and setup in ~/.openclaw/.env.
Required env vars: none ... Primary credential: none
Update metadata to declare the MiniMax API key, uv, and Node.js requirements.
Search terms, prompts, and image URLs may be sent to MiniMax or processed through the MCP server.
The skill routes search queries and image-understanding requests through an MCP server and MiniMax provider, which is expected for the advertised functionality.
Web search and image understanding via MiniMax Coding Plan MCP.
Avoid submitting private images, confidential URLs, or sensitive search prompts unless this data sharing is acceptable.