Minimax Coding Plan Tool

Security checks across malware telemetry and agentic risk

Overview

This MiniMax wrapper mostly does what it says, but it includes unsafe credential guidance and some capability/documentation mismatches users should review before installing.

Review before installing. Do not copy or use the embedded sk-cp token; configure only your own credential through a secure secret path. Only submit prompts, searches, and image files you are comfortable sending to MiniMax, and expect this version to provide web search, image understanding, and image generation rather than the full speech/video feature set described in the docs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill documentation materially misstates behavior: it adds web search and local file reading while the top-level description omits those capabilities, and it advertises speech/video features that static analysis says are not implemented. This kind of mismatch can mislead users and host agents about what data the skill can access and what actions it will actually perform, increasing the risk of unintended data exposure or unsafe trust decisions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding
The manifest description omits web search even though the skill documentation says it supports that capability. Hidden or under-declared network functionality is security-relevant because users may invoke the skill expecting only media generation/analysis, while it can also send prompts or queries to external search endpoints and retrieve untrusted web content.

Natural-Language Policy Violations

Severity: High
Confidence: 98%
Finding
The documentation includes what appears to be a live hard-coded API token example in a configuration command. Embedding a realistic secret in published skill content is dangerous because it may expose valid credentials, encourage copy-paste use of someone else's token, and normalize insecure secret-handling practices; the explicit token string also raises suspicion rather than trust.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The image-understanding path accepts an arbitrary local file path, reads the file, base64-encodes it, and sends it to a remote MiniMax API. In an agent setting, this can cause unintended exfiltration of sensitive local files if a user or upstream prompt supplies a path to private content, especially because the tool description does not prominently warn that local files are uploaded off-host.

VirusTotal

64/64 vendors flagged this skill as clean.