ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

understand-image-minimax

v1.0.0

图片理解技能,使用 Minimax Coding Plan VLM API 分析图片

2· 1.1k·3 current·3 all-time
by深柒@xbos1314

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xbos1314/understand-image-minimax.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "understand-image-minimax" (xbos1314/understand-image-minimax) from ClawHub.
Skill page: https://clawhub.ai/xbos1314/understand-image-minimax
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install understand-image-minimax

ClawHub CLI

Package manager switcher

npx clawhub@latest install understand-image-minimax
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: it sends images and a prompt to a Minimax VLM endpoint. Requiring the node binary is reasonable. However, the SKILL.md and code require MINIMAX_API_KEY but the registry metadata lists no required env vars — this is an inconsistency.
Instruction Scope
SKILL.md and the script constrain behavior to converting an input image (URL, local file, or data URL) to base64 and POSTing it with a prompt to https://api.minimaxi.com/v1/coding_plan/vlm. The SKILL.md also instructs agents to always use this skill for images, which could cause the agent to send user-supplied or local images automatically.
Install Mechanism
No install spec; the skill is instruction + a local Node script that runs with the node binary. Nothing is downloaded or extracted at install time.
!
Credentials
The script and SKILL.md require MINIMAX_API_KEY but the registry metadata did not declare any required env vars — a mismatch. The skill will transmit full image data (including local files converted to base64) to a third-party API, which is proportionate to an image-analysis skill but poses privacy risk; ensure the API key scope and trustworthiness of api.minimaxi.com.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. It runs only when invoked.
What to consider before installing
Before installing, note three things: (1) The script expects MINIMAX_API_KEY in the environment but the registry metadata doesn't list it — the skill will fail or behave insecurely unless you set that key. (2) When invoked it will read local image files you pass (or download URLs) and send the full image (base64) to https://api.minimaxi.com; do not allow it to automatically run on sensitive images or folders. (3) Verify you trust the Minimax service and that the API key has appropriate, limited permissions; consider running the skill in a sandboxed environment, reviewing the included script, and ensuring the agent won't auto-invoke the skill on images you don't intend to upload. If you want tighter assurance, ask the publisher to update registry metadata to declare MINIMAX_API_KEY and provide a trustworthy homepage/source for the API.
scripts/understand.cjs:17
Environment variable access combined with network send.
!
scripts/understand.cjs:63
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖼️ Clawdis
Binsnode
latestvk97a9798kydej86njwv6b9e23982s5wv
1.1kdownloads
2stars
1versions
Updated 8h ago
v1.0.0
MIT-0
深柒@xbos1314
latest
Download

Understand Image

使用 Minimax Coding Plan VLM API 分析图片内容。API Key 从环境变量 MINIMAX_API_KEY 读取。

当接收到用户发送的图片或用户询问图片的内容时请务必使用该技能

使用方法

node {baseDir}/scripts/understand.cjs "你的问题" "图片URL或本地路径"

示例

# 分析网络图片
node {baseDir}/scripts/understand.cjs "描述这张图片" "https://example.com/photo.jpg"

# 分析本地图片
node {baseDir}/scripts/understand.cjs "这张图片有什么" "/Users/xbos1314/Downloads/image.png"

# 询问具体问题
node {baseDir}/scripts/understand.cjs "图片中有几个人?" "https://example.com/group.jpg"

数据来源

API Key 从环境变量读取:

  • 环境变量:MINIMAX_API_KEY
  • API Host:固定为 https://api.minimaxi.com

支持的图片格式

  • JPEG (.jpg, .jpeg)
  • PNG (.png)
  • GIF (.gif)
  • WebP (.webp)

输入支持

  • 网络图片: 直接使用 HTTP/HTTPS URL
  • 本地图片: 使用绝对路径或相对路径
  • Base64: 支持 data: URL 格式

Comments

Loading comments...