ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

minimax-img

v1.0.0

Use MiniMax image-01 model to generate images from text prompts. Supports high-quality PNG output, downloaded from Hailuo CDN. Install when needed.

0· 98·0 current·0 all-time
by@jlin53882

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jlin53882/minimax-img.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "minimax-img" (jlin53882/minimax-img) from ClawHub.
Skill page: https://clawhub.ai/jlin53882/minimax-img
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install minimax-img

ClawHub CLI

Package manager switcher

npx clawhub@latest install minimax-img
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill description and SKILL.md advertise image generation via MiniMax image-01, which the script implements. However, the shipped script (scripts/minimax_media.py) also implements text-to-speech (TTS) functionality (speech-2.8-hd) that is not advertised in the README or description — scope creep. Also the registry metadata lists no required environment variables while SKILL.md and the script require MINIMAX_API_KEY (and optionally MINIMAX_BASE_URL). These mismatches suggest the package metadata is incomplete or not aligned with the code.
!
Instruction Scope
Runtime instructions are simple (run python scripts/minimax_media.py image "prompt"). The script performs HTTP requests to the MiniMax API and downloads images from returned URLs (CDN). It writes files to /tmp-like locations using tempfile.mktemp, which is insecure (race condition) and may lead to predictable temporary filenames. Aside from network I/O and writing temp files, the instructions do not ask the agent to read unrelated files or other environment variables. Still, the undocumented TTS command expands the agent's behavior surface beyond what the SKILL.md focuses on.
Install Mechanism
There is no install spec; this is instruction-only with an included script. That minimizes install-time risk (no arbitrary downloads or archive extraction). The script depends on the 'requests' Python package but does not attempt to install it automatically; that is a normal runtime dependency. No external install URLs or archive extraction are present.
!
Credentials
The script requires a single API credential (MINIMAX_API_KEY) to call the MiniMax API, which is proportional to its purpose. However, the registry metadata claims 'Required env vars: none' while SKILL.md and the code explicitly require MINIMAX_API_KEY and support MINIMAX_BASE_URL — this mismatch is concerning because the declared privileges do not match actual runtime needs. Requesting the API key is expected, but the omission from registry metadata reduces transparency.
Persistence & Privilege
The skill does not request always: true and is user-invocable only. It does not modify other skills or system-wide configuration. It runs on demand and does not request persistent system presence.
What to consider before installing
This package largely does what it says (generate images via MiniMax) but there are some red flags to consider before installing: 1) The registry metadata does not list MINIMAX_API_KEY even though the script requires it — confirm you trust the source before handing over an API key. 2) The included script also supports TTS (text-to-speech) which is not advertised in the README/SKILL.md; if you don't want TTS functionality present, avoid installing. 3) The script uses tempfile.mktemp (insecure) to create temporary files; run it in a sandbox or review/patch the code to use tempfile.mkstemp or NamedTemporaryFile to avoid race conditions. 4) The script performs outbound network calls and downloads images from CDN URLs returned by the API — ensure your environment allows such egress and that the key you provide has limited permissions. If you plan to use this skill, verify the MINIMAX_API_KEY's scope, confirm the publisher is trustworthy, and consider running the script in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎨 Clawdis
Binspython
latestvk974zt6rg6ng6abwaq904fcvah83ha75
98downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@jlin53882
latest
Download

MiniMax Image Generation

Call via: python scripts/minimax_media.py image "<prompt>"

Usage

# Basic
python scripts/minimax_media.py image "A cute cat"

# Detailed prompt
python scripts/minimax_media.py image "A futuristic city at sunset, cyberpunk style, highly detailed"

Returns: {"image_path": "...", "url": "...", "size_bytes": ...}

  • image_path: Local path to saved PNG file
  • url: Direct CDN URL to the generated image
  • size_bytes: File size in bytes

Prompt Tips

  • Be specific and descriptive for best results
  • Include style keywords (e.g., "photorealistic", "anime", "watercolor")
  • Mention lighting, mood, and composition for more controlled output

Environment

Example Response

{
  "image_path": "/tmp/tmp123.png",
  "url": "http://hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com/...",
  "size_bytes": 245000
}

Comments

Loading comments...