minimax-web-search
Status: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: minimax-web-search
Version: 1.0.7

The skill is classified as suspicious due to two main vulnerabilities. First, the `SKILL.md` instructs the agent to install `uv` using `curl -LsSf https://astral.sh/uv/install.sh | sh`, which is a high-risk practice vulnerable to supply chain attacks if the remote script or its source is compromised. Second, the `SKILL.md` also presents a shell injection vulnerability where the user-provided `<搜索查询>` is directly inserted into a shell command (`python3 {curDir}/scripts/web_search.py "<搜索查询>"`) without explicit sanitization, potentially allowing an attacker to execute arbitrary commands if the OpenClaw agent does not sanitize the input. The `scripts/web_search.py` script itself appears to handle the query safely once it is received as an argument, passing it as a JSON string to the `minimax-coding-plan-mcp` tool, and it communicates with the legitimate `https://api.minimaxi.com` endpoint.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your MiniMax API key could be displayed and copied into places where it may be retained or seen by others, potentially allowing account use or billing charges.
This configuration check prints the raw MiniMax API key instead of only checking whether it exists, which can expose the credential in terminal output, agent context, or logs.
cat ~/.openclaw/config/minimax.json 2>/dev/null | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('api_key', ''))"
Replace this check with a masked or boolean check, such as printing only 'configured' or 'missing', and revoke/rotate the key if it has already been exposed.
The skill depends on external code that was not reviewed in these artifacts, so a compromised or changed dependency could affect your environment.
The setup instructions install tooling from a remote shell script and install the MCP package without a pinned version. This is disclosed and purpose-related, but the downloaded code is outside the provided artifacts.
curl -LsSf https://astral.sh/uv/install.sh | sh ... uvx install minimax-coding-plan-mcp
Verify the uv installer and minimax-coding-plan-mcp package source, prefer pinned versions or a reviewed install spec, and install only from trusted package indexes.
A local third-party MCP package will run on your machine during searches and may have access to environment variables available to the agent process.
At runtime the script launches the external MCP server process. This is expected for a MiniMax MCP integration, but it means the installed package executes locally and receives the process environment.
subprocess.Popen(['uvx', 'minimax-coding-plan-mcp'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env={**os.environ, **env}, text=True)
Run this only after verifying the MCP package, avoid keeping unrelated secrets in the agent environment, and consider constraining the environment passed to the subprocess.
Your search queries, including any sensitive text you include, may be sent to MiniMax for processing.
Search queries are sent through the MiniMax MCP tool to the MiniMax API host. This is the core purpose of the skill, but it is still an external provider data flow.
'MINIMAX_API_HOST': 'https://api.minimaxi.com' ... 'name': 'web_search', 'arguments': {'query': query}
Do not include private secrets in search queries unless you are comfortable sending them to MiniMax under its service terms.
