minimax-understand-image
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions utilize a shell pipe to execute a setup script from 'astral.sh' for the 'uv' package manager. This is a common installation pattern for this well-known development tool.
- [EXTERNAL_DOWNLOADS]: The skill downloads the 'minimax-coding-plan-mcp' package from an external registry using the 'uvx' tool to provide the core image analysis functionality.
- [COMMAND_EXECUTION]: The Python script 'scripts/understand_image.py' uses 'subprocess.Popen' to launch and communicate with the 'minimax-coding-plan-mcp' server using standard input/output.
- [PROMPT_INJECTION]: The skill processes user-supplied prompts and image sources that are passed to a downstream MCP server, creating a surface for indirect prompt injection.
  - Ingestion points: Command-line arguments in 'scripts/understand_image.py' accept the image path/URL and the user prompt.
  - Boundary markers: The script wraps input data within a JSON-RPC request structure before transmission.
  - Capability inventory: The script executes 'uvx' to run the MCP server and can perform network requests or file reads based on the provided image source.
  - Sanitization: Input values are serialized into a JSON string, which prevents command injection into the subprocess shell but does not sanitize the content of the prompt itself.
- [CREDENTIALS_UNSAFE]: The skill instructions and scripts manage a sensitive API key stored in the local file system at '~/.openclaw/config/minimax.json'.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata