ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Minimax Image Gyh

v1.0.0

MiniMax 图像生成模型(image-01),根据文本描述生成高质量图片。使用 MINIMAX_API_KEY 环境变量。

0· 57·0 current·0 all-time
by@skydream9527-ctrl

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for skydream9527-ctrl/minimax-image-gyh.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Minimax Image Gyh" (skydream9527-ctrl/minimax-image-gyh) from ClawHub.
Skill page: https://clawhub.ai/skydream9527-ctrl/minimax-image-gyh
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install minimax-image-gyh

ClawHub CLI

Package manager switcher

npx clawhub@latest install minimax-image-gyh
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md and the included Python scripts all implement an image-generation workflow that calls a MiniMax image API and save files locally — this is coherent. However the registry metadata did not declare MINIMAX_API_KEY as a required environment variable even though every script expects it, which is an inconsistency.
!
Instruction Scope
SKILL.md instructs the agent/user to set MINIMAX_API_KEY and to pip install requests. The included scripts read MINIMAX_API_KEY (or fall back to a hardcoded DEFAULT_API_KEY). The scripts call external endpoints (api.minimaxi.com) and download or decode image data. There is no instruction to access unrelated local files or secrets, but the fallback hardcoded key expands the runtime behavior in a way not documented in registry metadata.
Install Mechanism
There is no install spec (instruction-only), only Python scripts. No third-party install URLs or archive extraction; risk from install mechanism is low. The scripts do require the requests library but only instruct pip3 install requests.
!
Credentials
The skill legitimately needs a MiniMax API key, so asking for MINIMAX_API_KEY is proportional. However the registry metadata lists no required env vars (mismatch) and multiple scripts embed a DEFAULT_API_KEY literal in source. A hardcoded API key in the codebase is a notable risk: it may be a valid key (allowing usage or charges under another account) or a leaked/placeholder credential; either case is unexpected and disproportionate unless explicitly documented.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges or modify other skills/config. Autonomous invocation is allowed (platform default) which is normal; nothing in the package requests permanent system presence.
What to consider before installing
Do not install or run this skill without manual review. Key points to check before using: - The code contains a hardcoded DEFAULT_API_KEY value; confirm whether that key is a placeholder or a working key. If it is valid, using the skill could run requests billed to someone else or leak usage. Prefer removing this fallback and requiring the user to set their own MINIMAX_API_KEY. - The registry metadata omitted MINIMAX_API_KEY even though scripts require it — ask the author to correct metadata so the platform can surface required secrets. - Verify the API host (https://api.minimaxi.com) is the legitimate service you intend to use. If you rely on this skill in production, use an API key you control and run it in an environment with limited network exposure. - Consider running the scripts in an isolated environment (container or VM) and audit network traffic to confirm no unexpected endpoints are contacted. - If you need a safer approval: request the author to remove embedded credentials, document that the embedded key is invalid, and update registry metadata to list MINIMAX_API_KEY as required. If the author confirms the DEFAULT_API_KEY is inert/placeholder, that would increase confidence.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖼️ Clawdis
Binspython3
latestvk971q2yx4cderk5mbr88p9yt5984pmwj
57downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@skydream9527-ctrl
latest
Download

MiniMax 图像生成

使用 MiniMax image-01 模型根据文本描述生成图片。

支持的模型

模型说明
image-01最新图像生成模型,支持文生图
image-01-live实时图像生成

前置要求

  • Python 3
  • pip3 install requests
  • 设置环境变量 MINIMAX_API_KEY

使用方法

# 文生图
python3 {baseDir}/scripts/image_gen.py \
  --prompt "一个穿古装的东方美女,银杏树下,月光皎洁" \
  --output girl.png

# 指定尺寸
python3 {baseDir}/scripts/image_gen.py \
  --prompt "未来城市夜景,霓虹灯光,科幻风格" \
  --size 1024x1024 \
  --output city.png

参数说明

参数说明默认值
--prompt图片描述文本(建议中英混杂效果更好)-
--model模型名称image-01
--size图片尺寸1024x1024
--output输出文件路径output.png

Comments

Loading comments...