minimax-multimodal-toolkit
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The toolkit uses FFmpeg and ffprobe for media processing. All commands are constructed using bash arrays and executed with proper quoting, which effectively prevents shell injection vulnerabilities.
- [CREDENTIALS_UNSAFE]: API keys are handled securely through environment variables and .env files. The scripts include a custom environment loader that safely reads configuration without using dangerous functions like
eval. - [EXTERNAL_DOWNLOADS]: Generated media files are downloaded from the official MiniMax API domains (
api.minimaxi.comandapi.minimax.io). These are verified vendor resources required for the toolkit's functionality. - [SAFE]: All external service communications and resource references are directed to the official developer's infrastructure and follow industry standard practices for API interaction.
Audit Metadata