ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Minimax Image

v1.1.0

Generate images using MiniMax API (image-01 model). Automatically optimizes prompts for better results. Use when user asks to generate images, create picture...

0· 102·0 current·0 all-time
by@lilmrmeeseeks

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lilmrmeeseeks/openclaw-minimax-img.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Minimax Image" (lilmrmeeseeks/openclaw-minimax-img) from ClawHub.
Skill page: https://clawhub.ai/lilmrmeeseeks/openclaw-minimax-img
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-minimax-img

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-minimax-img
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code (index.js) implements prompt optimization and calls an external image-generation API (model image-01) which is consistent with the skill name/description. The dependency (axios) is reasonable for HTTP calls. However, the registry metadata claims no required env vars while SKILL.md and the code require an API key, an inconsistency that reduces trust in the manifest.
!
Instruction Scope
SKILL.md instructs the agent to use MINIMAX_API_KEY or AIMLAPI_API_KEY and to call https://api.minimaxi.com/v1/image_generation; the runtime code follows that. The instructions do not request other files or broad system data. The concern is that the skill metadata does not declare the required env vars (so the skill may fail or prompt users unexpectedly), and the SKILL.md is the authoritative runtime instruction but is out of sync with the registry metadata.
Install Mechanism
There is no install spec (instruction-only install), which is lower risk. But the package includes code and package.json/package-lock.json with dependencies (axios). That implies the runtime environment must provide Node and install dependencies; the lack of an explicit install specification is an operational mismatch (not inherently malicious) and could cause surprises if dependencies are not installed automatically.
!
Credentials
The code requires a single API credential (MINIMAX_API_KEY or AIMLAPI_API_KEY), which is proportional for a third-party API. The problem is the registry metadata declares no required env vars/primary credential, creating a mismatch. Also confirm what provider 'minimaxi.com' is and whether the API key you provide is scoped appropriately — the skill will send prompts and any returned URLs to that external service.
Persistence & Privilege
The skill does not request permanent presence (always: false). It does not modify other skills or system configs. Autonomous invocation is allowed by default but not combined with other high-risk flags here.
What to consider before installing
This skill's code does what its description claims (optimizes prompts and calls an external image API), but the package/registry metadata and file manifests are inconsistent. Before installing: 1) Verify you trust the API host (https://api.minimaxi.com) and the origin of this skill; 2) Only provide an API key if you understand its scope and trust the service — the skill will send your prompt text to that endpoint; 3) Expect to need Node and to install dependencies (axios) since package.json is present but no install step is declared; 4) Note the registry metadata lists no required env vars while SKILL.md and index.js require MINIMAX_API_KEY or AIMLAPI_API_KEY — ask the publisher to fix the manifest/version mismatches (package.json/_meta.json vs SKILL.md/registry) before trusting automatic installs. If you cannot verify the provider or publisher, do not supply sensitive or reuse API keys.
index.js:95
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aer1pfvd10qcq0v4sj28wts83gv41
102downloads
0stars
1versions
Updated 1mo ago
v1.1.0
MIT-0
@lilmrmeeseeks
latest
Download

MiniMax Image Generator v1.1.0

Generate images using MiniMax API with automatic prompt optimization.

Version 1.1.0 Updates

  • Auto-prompt optimization: Automatically converts user input into concise, clear English prompts
  • Better image generation results through optimized prompts

Usage

/minimax 一只可爱的橘猫
/画图 赛博朋克城市夜景
/minimax 帮我画一幅未来科技感的城市

Environment

Requires MINIMAX_API_KEY or AIMLAPI_API_KEY environment variable.

Auto-Prompt Optimization

The skill automatically:

  1. Receives user's Chinese/English input
  2. Converts to concise English prompt optimized for image generation
  3. Adds relevant keywords for style, lighting, quality
  4. Generates image with optimized prompt

API

  • Endpoint: https://api.minimaxi.com/v1/image_generation
  • Model: image-01
  • Aspect Ratio: 16:9 (default)

Comments

Loading comments...