minimax-web-search

The skill's stated purpose (performing web searches via a MiniMax MCP server) aligns with the capabilities described (install uvx, install/run minimax-coding-plan-mcp, read API key, call web_search). However, there are material supply-chain risks: the README recommends running a remote installer via curl | sh, installing a third-party MCP package that will execute locally, and storing the API key in plaintext. These are not direct proofs of malicious behavior but are high-risk patterns for credential leakage and supply-chain compromise. Recommend avoiding pipe-to-shell install or auditing the installer and the minimax-coding-plan-mcp package before running; secure the API key (restrict file permissions or use a secret manager).