Minimax Monitor

The bundle contains a Node.js server (mmx-monitor-server.js) that is vulnerable to shell injection due to the use of execSync and exec with unsanitized string interpolation in the runMmx functions. Additionally, the server implements a broad CORS policy (Access-Control-Allow-Origin: *) on a local port (9876), which could allow malicious websites visited by the user to interact with the local API and potentially access the MiniMax API key. While these represent significant security flaws (vulnerabilities), there is no clear evidence of intentional malice or data exfiltration to unauthorized third-party domains.