minimax-understand-image
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: minimax-understand-image Version: 1.0.3 The skill is classified as suspicious primarily due to the `SKILL.md` instructions. It directs the agent to execute `curl -LsSf https://astral.sh/uv/install.sh | sh` for dependency installation, which is a significant supply chain vulnerability as it executes an arbitrary script from the internet without prior inspection. Additionally, `SKILL.md` instructs the agent to read `~/.openclaw/agents/main/agent/auth-profiles.json` to find API keys, which, while intended for a legitimate purpose, could expose sensitive data if the agent is maliciously prompted to misuse this capability. The `understand_image.py` script itself appears to handle inputs and API keys securely via JSON-RPC, but the installation and configuration steps in `SKILL.md` introduce notable risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may open a local file that can contain stored account credentials or profiles, potentially bringing more secrets into context than the image-analysis task requires.
The workflow directs the agent to inspect a local auth-profile store for a MiniMax API key and then persist a key in a local config file. Although it says to confirm use of a matching key, the auth-profile read itself is sensitive and not narrowly implemented in the included code.
尝试从 ~/.openclaw/agents/main/agent/auth-profiles.json 中的配置文件中获取 ... 找到匹配的 Key 后,询问用户确认是否使用 ... cat > ~/.openclaw/config/minimax.json
Require explicit user approval before reading auth-profiles.json, declare the MiniMax credential/config path in metadata, only parse a specific MiniMax profile, avoid displaying unrelated secrets, and store the key with restrictive file permissions.
If the user's shell contains unrelated tokens or secrets, the external MCP process can access them even though they are not needed for image analysis.
The spawned minimax-coding-plan-mcp process inherits the user's full environment in addition to MINIMAX_API_KEY and MiniMax-specific settings.
env={**os.environ, **env}Run the skill from a clean environment or update the script to pass only the minimal environment variables needed for the MCP server, such as PATH, HOME, and MiniMax-specific variables.
The behavior of the skill depends on code fetched from external package sources at setup/runtime, so future package changes could affect what runs locally.
The setup instructions download and execute an installer script and install an unpinned external MCP package. This is user-directed and related to the skill's purpose, but the package source/version is not pinned in an install spec.
curl -LsSf https://astral.sh/uv/install.sh | sh ... uvx install minimax-coding-plan-mcp
Pin the MCP package version, provide a formal install spec or checksum/provenance details, and prefer reviewed installation steps over piping downloaded scripts directly to a shell.