Back to skill

Security audit

minimax-web-search

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised MiniMax web search, but its setup can expose and persist an API key in ways users should review first.

Review before installing. Use a dedicated MiniMax API key with limited billing exposure, avoid running the documented key-check command unless it is changed to mask the key, and prefer setting the key through a secure secret mechanism instead of plaintext config. Verify the uv installer and minimax-coding-plan-mcp package source, and avoid placing private data in search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation instructs the agent to collect, persist, and reuse a MiniMax API key, which expands the skill from simple web search into credential handling and long-term secret storage. Storing reusable credentials on disk creates exposure through later compromise, accidental disclosure, or use beyond the original user intent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are broad enough to match routine requests like 'search for information' or 'latest news,' which can cause this higher-capability skill to activate in many ordinary situations. Because the skill can install tools, read configs, and invoke shell commands, over-triggering increases the chance of unnecessary sensitive actions without deliberate user approval.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill tells the agent to read and store an API key from user config without explicit warning, consent, or guidance on secret handling. In a search skill, silent credential access is more dangerous because users may expect information retrieval, not local secret inspection and persistence.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script loads the MiniMax API key from the environment or a local config file and forwards it to an external subprocess, while also inheriting the rest of the parent environment. That expands the trust boundary to the called tool and any of its dependencies, increasing the risk of credential leakage through logs, child-process introspection, misbehavior in the MCP package, or supply-chain compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.