扫描报告
0 /100
understand-image-minimax
图片理解技能,使用 Minimax Coding Plan VLM API 分析图片
A legitimate image understanding skill that properly declares all resource usage and performs only image analysis via the Minimax API.
可以安装
This skill is safe to use. All capabilities (filesystem read, network read, environment variable access) are declared and necessary for the stated image analysis functionality.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | scripts/understand.cjs:61 - fs.readFileSync(resolvedPath) |
| 网络访问 | READ | READ | ✓ 一致 | scripts/understand.cjs:76 - fetch(imageUrl), scripts/understand.cjs:104 - fetch(… |
| 环境变量 | READ | READ | ✓ 一致 | scripts/understand.cjs:22 - process.env.MINIMAX_API_KEY |
1 项发现
中危 外部 URL 外部 URL
https://api.minimaxi.com SKILL.md:36 目录结构
2 文件 · 5.3 KB · 193 行 JavaScript 1f · 144L
Markdown 1f · 49L
├─
▾
scripts
│ └─
understand.cjs
JavaScript
└─
SKILL.md
Markdown
安全亮点
✓ All resource access is explicitly declared in SKILL.md
✓ API key is used only for local authentication with the declared Minimax API
✓ No credential exfiltration - keys never leave the local environment
✓ No obfuscation techniques (base64 piped to bash, eval, etc.)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ No remote script execution (curl|bash, wget|sh)
✓ No supply chain risks - only uses Node.js built-in modules (fs, path)
✓ No suspicious network destinations beyond the declared API endpoint