Skill v1.0.0

ClawScan security

MiniMax CLI (mmx) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 8:06 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The SKILL.md appears to document a legitimate CLI (mmx) for multimodal tasks, but it asks the user/agent to provide an API key in plain text while declaring no credentials or env vars and has no verifiable source/homepage — these mismatches and the instruction to paste secrets into prompts are concerning.
Guidance
This SKILL.md documents a real-looking CLI but has important gaps: it shows commands that require an API key yet the skill metadata declares no credentials and the source/homepage are missing. Do not paste your API key into prompts to the agent. Before installing or running anything: 1) verify the npm package (mmx-cli) and GitHub repository exist and are trustworthy; 2) prefer logging in locally via secure storage or environment variables rather than embedding keys in chat prompts; 3) if you must use the agent to set up the CLI, provide a short-lived or limited-scope key and monitor usage/quota; 4) audit any npm package you install, and run installs in an isolated environment (container/VM) if you cannot verify the publisher. If you want, I can help check the npm package and GitHub repo for the mmx-cli package and list what to look for (maintainers, downloads, recent releases, readme, license).

Review Dimensions

Purpose & Capability
note: The name/description match the instructions: this is a CLI for image/video/audio/text tasks and the examples show expected commands. However, the skill never declares that an API key or primary credential is required even though the docs repeatedly show 'mmx auth login --api-key <your-api-key>' and an explicit 'Agent 安装方式' ("Agent installation method") section that has the user give the agent their key. Also the source/homepage are unknown, so the origin of the described npm package cannot be verified.
Instruction Scope
concern: SKILL.md explicitly instructs the agent/user to give the agent the API key in a prompt ('我的密钥是 <your-key>', i.e. "My key is <your-key>") and shows many examples that read local files (images, lyrics, text-file, piping stdin) and upload them (base64 or file-id). While file access and uploads are expected for a CLI, the explicit instruction to inject a secret into a prompt and to read arbitrary local paths increases risk of secret exposure/exfiltration if the agent is invoked without safeguards.
Install Mechanism
note: There is no install spec in the skill bundle (instruction-only), which is low risk for disk writes. The docs recommend 'npm install -g mmx-cli' and link a GitHub URL, but the package/source are not provided in the skill metadata (source unknown, no homepage). Installing an external npm package is an external dependency the user should audit before running.
Credentials
concern: The documented workflow requires an API key to authenticate (shown in examples), but the skill metadata lists no required environment variables or primary credential. This mismatch means secrets handling is unspecified and the skill instructs the user to expose the key in prompts rather than declaring and recommending secure env var usage.
Persistence & Privilege
ok: The skill does not request permanent presence (always: false) and does not modify agent/system configuration in the provided instructions. Autonomous invocation is allowed by default (disable-model-invocation: false) but that is normal; nothing else in the bundle requests elevated persistence.