minimax-web-search
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `SKILL.md` file instructs users to install dependencies by piping a remote script directly into the shell using `curl -LsSf https://astral.sh/uv/install.sh | sh`. This is a high-risk pattern that executes unverified remote code.
- [EXTERNAL_DOWNLOADS]: The skill uses `uvx` to download and execute the `minimax-coding-plan-mcp` package. This package is an unverified dependency from an external registry, and its source code is not audited by the skill.
- [COMMAND_EXECUTION]: The Python script `scripts/web_search.py` uses `subprocess.Popen` to launch the `uvx` command and interact with the `minimax-coding-plan-mcp` server. It passes user-provided search queries into this process.
- [DATA_EXFILTRATION]: The skill reads API keys from sensitive local paths, including `~/.openclaw/config/minimax.json` and `~/.openclaw/agents/main/agent/auth-profiles.json`. While these keys are used for the search functionality, accessing centralized credential stores increases the risk of accidental exposure or theft.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: The output of the `web_search.py` script is returned to the agent context.
  - Boundary markers: There are no delimiters or instructions to prevent the agent from obeying commands embedded in the search results.
  - Capability inventory: The skill has the ability to execute subprocesses and shell commands.
  - Sanitization: There is no sanitization or filtering of the content retrieved from the web search.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats