Skill Trust Decision

minimax-cp

Hardcoded MiniMax API key exposed in source code creates severe credential theft risk; documented as 'built-in' but not flagged as a critical secret.

Source: Manual upload
Scanned: Apr 4, 2026
Files 3
Artifacts 1
Violations 1
Findings 4

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Review
Hidden execution and egress

1 lower-risk artifact was extracted and still needs context.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

Attack Chain

01
Attacker obtains source code (repo leak, git history, or shared archive)

Reconnaissance · scripts/mmsearch.py:11

02
Attacker extracts hardcoded API key and uses it for unauthorized API calls at victim's expense

Impact · scripts/mmsearch.py:11

03
Victim may exceed API quota or incur charges from key abuse

Impact · scripts/mmsearch.py:11

What drove the risk score up

Hardcoded API key in source code +40

MiniMax API key 'sk-cp-...' embedded in plaintext in scripts/mmsearch.py and scripts/mmvision.py

Documentation deception +15

SKILL.md mentions 'built-in' key but fails to warn this is a real exposed credential

Shell execution (subprocess) +10

Uses subprocess.Popen with uvx, declared in docs but adds attack surface

Most important evidence

Critical Credential Theft

Hardcoded MiniMax API Key Exposed

A real MiniMax API key (sk-cp-...) is hardcoded in plaintext in both mmsearch.py and mmvision.py. If this repo is leaked, shared, or committed to version control, the credential is compromised.

scripts/mmsearch.py:11
Remove the hardcoded key. Use os.environ.get('MINIMAX_API_KEY') to read from environment. Document required env var clearly.
Critical Credential Theft

Hardcoded MiniMax API Key (Duplicate)

Same hardcoded API key appears in mmvision.py

scripts/mmvision.py:11
Same as above - remove and use environment variable.
Medium Doc Mismatch

API Key Disclosure Inadequately Warned

SKILL.md says 'MINIMAX_API_KEY 环境变量(已内置在脚本中)' which translates to 'built into script'. This downplays the severity - the key is a real credential, not a placeholder or safe default.

SKILL.md:37
Clearly document that users should provide their own API key and that no credential is pre-configured.
Medium Sensitive Access

Environment Variable Overwriting

Scripts overwrite any existing MINIMAX_API_KEY in the environment with a hardcoded value, potentially shadowing user-provided credentials.

scripts/mmsearch.py:11
Use os.environ.setdefault() or only set if not already present.

Declared capability vs actual capability

Capability | Verdict | Declared | Inferred | Evidence
Shell | Pass | WRITE | WRITE | subprocess.Popen in mmsearch.py:18, mmvision.py:18
Environment | Block | NONE | WRITE | os.environ assignment in mmsearch.py:11, mmvision.py:11

Suspicious artifacts and egress

Medium External URL
https://api.minimaxi.com

scripts/mmsearch.py:11

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
uvx | unspecified | pip | No | Not pinned, used to run minimax-coding-plan-mcp
minimax-coding-plan-mcp | unspecified | uvx | No | Not pinned, fetched from PyPI at runtime

File composition

3 files · 267 lines
Python 2 files · 223 lines
Markdown 1 file · 44 lines
Files of concern · 3
scripts/mmvision.py Python · 115 lines
Hardcoded MiniMax API Key (Duplicate)
scripts/mmsearch.py Python · 108 lines
Hardcoded MiniMax API Key Exposed · Environment Variable Overwriting · https://api.minimaxi.com
SKILL.md Markdown · 44 lines
API Key Disclosure Inadequately Warned

Security positives

Subprocess usage is documented and follows expected MCP workflow
No base64 encoding or obfuscation detected
No network exfiltration or C2 communication observed
No credential harvesting from ~/.ssh, ~/.aws, or other sensitive paths
External API calls are limited to documented MiniMax endpoint