Skill v1.0.0
ClawScan security
MiniMax Speech 2.8 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 14, 2026, 12:04 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: This package is a plausible MiniMax TTS helper, but the registry metadata omits a required MINIMAX_API_KEY and the CLI allows overriding the target endpoint — mismatches that could enable accidental credential misuse or exfiltration.
- Guidance: This appears to be a legitimate MiniMax TTS helper, but be cautious before installing or running it. Key points:
  - The script requires MINIMAX_API_KEY even though the registry metadata doesn't declare it; verify you are comfortable providing that API key and understand its privilege level (create a limited/test key if possible).
  - The CLI accepts an --endpoint override; do not point it at unknown or untrusted URLs, because your API key and audio payloads will be sent there. Prefer the default https://api.minimax.io endpoints or your organization's approved endpoints.
  - Inspect scripts/minimax_tts.py (already present) yourself — it is short and readable; run it in an isolated environment (virtualenv/container) and test with a limited-key account before using real/production credentials.
  - If you rely on the registry metadata for automation, update or correct the metadata to declare MINIMAX_API_KEY so tools and reviewers are not misled.
  - If you want higher assurance, ask the publisher for a homepage/source repo, or request a signed/reproducible release from an identifiable maintainer.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description match the code and SKILL.md: it performs TTS and voice-catalog requests. However, the registry metadata declares no required environment variables or primary credential, while both SKILL.md and scripts/minimax_tts.py require MINIMAX_API_KEY; that metadata omission is an incoherence (the skill actually needs a credential to work).
- Instruction Scope (note): The runtime instructions stay within TTS/catalog lookup scope (install requests, set MINIMAX_API_KEY, run the provided CLI). The script prints/dumps API responses and writes audio/catalog JSON to disk. One noteworthy capability: both the SKILL.md and script allow overriding the API endpoint (--endpoint), so an operator or an automated agent could be directed to send the API key and payload to an arbitrary URL — this is expected for debugging/region overrides but increases the risk surface if endpoints are malicious.
- Install Mechanism (ok): No install spec in the registry; SKILL.md asks only for 'pip install requests' and Python 3.11+. There are no remote downloads, no archive extraction, and the only included code is a single Python script. This is low installation risk.
- Credentials (concern): The script requires MINIMAX_API_KEY (checked at runtime) but the registry metadata lists no required env vars or primary credential — an inconsistency that could mislead users about what secrets they must provide. Requiring a single API key is proportionate to a TTS client, but because the CLI can target an arbitrary endpoint, supplying the key could result in it being sent to unexpected endpoints if the endpoint is changed.
- Persistence & Privilege (ok): The skill does not request 'always: true', does not modify other skills or system-wide settings, and is runnable only when invoked. It writes output files only when asked and does not request elevated or persistent privileges.
