minimax-understand-image

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to analyze images with MiniMax, but its setup asks the agent to inspect a local auth-profile store and install unpinned external code, so users should review it before installing.

Install only if you are comfortable using a cloud MiniMax service for the images and prompts you provide. Prefer setting `MINIMAX_API_KEY` yourself instead of letting the skill inspect `auth-profiles.json`, verify the MCP package source and version before running it, and protect or avoid plaintext storage of the API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (96% confidence)

Finding: The documentation says the skill is for image understanding, but it installs and invokes the package `minimax-coding-plan-mcp`, which appears unrelated to the stated purpose. This mismatch increases supply-chain and user-deception risk because users may install a broader or incorrect tool than intended.

Context-Inappropriate Capability

Medium (97% confidence)

Finding: The skill instructs the agent to search another local auth/profile file for API keys, which expands access into unrelated credential stores beyond what is needed to analyze an image. This can expose secrets from other services or profiles and normalizes credential-harvesting behavior inside the skill flow.

Missing User Warnings

Medium (95% confidence)

Finding: The skill reads, requests, and persists API keys locally without clear warnings about credential sensitivity, storage risks, or file permissions. In a skill that also uses shell and file operations, this creates unnecessary risk of secret exposure, misuse, or accidental retention.

Missing User Warnings

Medium (98% confidence)

Finding: The instructions tell users to download and execute a remote install script directly from the network without verification or a safety warning. This creates a classic remote code execution and supply-chain risk if the source is compromised, intercepted, or replaced.

Missing User Warnings

Medium (91% confidence)

Finding: The script sends the provided image source and prompt to an external MiniMax service, but there is no explicit user-facing notice or consent step at runtime. This can cause unintended disclosure of local image contents, sensitive prompts, or private URLs when users assume the tool works entirely locally.

VirusTotal

66/66 vendors flagged this skill as clean.