minimax-web-search
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the uv installation script from the official astral.sh domain and fetches the minimax-coding-plan-mcp package from an external registry.
- [REMOTE_CODE_EXECUTION]: Executes the remote uv installation script directly via a shell pipe (curl | sh), which is a high-risk execution pattern.
- [COMMAND_EXECUTION]: Spawns subprocesses to execute uvx, python3, and shell utilities for environment configuration and tool operations.
- [CREDENTIALS_UNSAFE]: Manages sensitive MiniMax API keys by reading from environment variables and writing to a local configuration file at ~/.openclaw/config/minimax.json.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection as external web search results are ingested and returned to the agent context without sanitization or boundary markers. Ingestion points: search results processed in scripts/web_search.py. Boundary markers: None present in the prompt interpolation. Capability inventory: subprocess execution of local tools and shell command execution. Sanitization: No escaping or validation of search result content is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata