dmxapi-image-generation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward MiniMax image-generation instruction skill, with the main user-visible caveats being that it needs a MiniMax API key and sends prompts to MiniMax.
Use this skill only if you are comfortable providing a MiniMax API key and sending image prompts to api.minimaxi.com. Keep the key in an environment variable, monitor usage/quota, and avoid sensitive prompt content.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume the user's MiniMax quota or billable account access through the provided API key.
The skill requires a provider API credential to function. This is expected for MiniMax image generation, but the registry metadata lists no required env vars or primary credential.
使用方法:用户需要配置 MINIMAX_API_KEY 环境变量。 ... 用户需要:1. MiniMax API Key(sk-cp-xxx 格式)
Declare the credential in metadata, store the key in an environment variable rather than pasting it into prompts or code, and rotate/revoke it if exposed.
Text prompts and generation parameters may be processed by MiniMax under that provider's terms and privacy practices.
The documented workflow sends the user's image prompt to the MiniMax API. This is purpose-aligned and the destination is disclosed, but users should understand their prompts leave the local environment.
hostname: 'api.minimaxi.com', path: '/v1/image_generation', method: 'POST' ... prompt: '描述内容'
Avoid sending sensitive personal, confidential, or proprietary information in prompts unless the MiniMax account and data handling terms are acceptable.