MiniMax image-01 · AI Text-to-Image Tool

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MiniMax image-generation skill, with normal cautions about sending prompts to MiniMax and consuming API quota.

Install only if you are comfortable sending image prompts and generation settings to MiniMax and using your MiniMax image quota. Keep MINIMAX_API_KEY secret, avoid confidential or regulated prompt content, and review image count/output directory before running batch generations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill manifest only declares an environment variable allowlist, but the documented behavior clearly relies on network access to external MiniMax endpoints. Undeclared capabilities reduce transparency and can prevent users or policy systems from understanding that prompts and related data will leave the local environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The manifest description understates behavior by omitting prompt rewriting, multiple-image generation, aspect-ratio controls, and output directory handling. This mismatch is dangerous because users may consent to one behavior while the tool actually modifies their input and can generate/transmit more content than expected, affecting privacy, cost, and policy compliance.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The listed trigger phrases are common conversational requests such as '帮我画' ("help me draw") and '画一只猫' ("draw a cat"), which are broad enough to match ordinary user messages and cause unintended invocation of the skill. In an agent setting, overly permissive triggers can lead to surprise tool use, unwanted API calls, and unintended consumption of the user's image-generation quota or transmission of prompts to an external service.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The listing states that natural-language requests will 'automatically execute' a Python command, but it does not clearly warn the user that a subprocess/tool action will run or that data will be sent to MiniMax APIs. This reduces informed consent and can result in unexpected external requests, token/quota consumption, and execution of local tooling based on ordinary chat input.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The listing advertises extremely broad natural-language triggers like "帮我画" ("help me draw") and "画一只猫" ("draw a cat") without any scope constraint, making accidental or overbroad invocation more likely in normal conversation. In an agent ecosystem, such generic triggers can cause the skill to activate when the user did not clearly intend to send content to this tool, which may result in unintended prompt transmission to an external image-generation API.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description highlights functionality and API endpoints but does not clearly warn that user prompts are transmitted to third-party MiniMax services. Because prompts may contain sensitive personal, business, or regulated data, omission of this disclosure can mislead users into sharing content they would not knowingly send to an external provider.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The description includes broad trigger phrases such as common requests to 'draw' or 'generate an image,' which may overlap with ordinary conversation. Overbroad activation can cause the skill to trigger unexpectedly and send user content to an external service without clear user intent for this specific provider.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill presents itself as an image tool but does not prominently warn that prompts are sent to a third-party API. Because prompts may contain sensitive or proprietary information, the omission creates a meaningful privacy and data-handling risk in normal use.

VirusTotal

64/64 vendors flagged this skill as clean.