minimax-cp Security Report — High Risk | ClawSafe

65 /100

minimax-cp

使用 MiniMax Coding Plan API 进行网页搜索和图像理解

Hardcoded MiniMax API key exposed in source code creates severe credential theft risk; documented as 'built-in' but not flagged as a critical secret.

Skill Nameminimax-cp

Duration137.1s

Enginepi

⛔

Do not install this skill

Remove hardcoded API key immediately. Use environment variable injection or secure secret management. Regenerate the exposed API key as it may be compromised.

Attack Chain 3 steps

⬡

Escalation Attacker obtains source code (repo leak, git history, or shared archive)

scripts/mmsearch.py:11

◉

Impact Attacker extracts hardcoded API key and uses it for unauthorized API calls at victim's expense

scripts/mmsearch.py:11

◉

Impact Victim may exceed API quota or incur charges from key abuse

scripts/mmsearch.py:11

Findings 4 items

Severity	Finding	Location
Critical	Hardcoded MiniMax API Key Exposed Credential Theft A real MiniMax API key (sk-cp-...) is hardcoded in plaintext in both mmsearch.py and mmvision.py. If this repo is leaked, shared, or committed to version control, the credential is compromised. `os.environ["MINIMAX_API_KEY"] = "sk-cp-_opubDWoTJY5qpJAoI_AFpXQ_RC4rMuuHzCFeNKLQHwXzykGUAyD-k7wKHiwiGNJB8Op-s_AZqXCeXtSgjBEQMjNHOvGlKutYUx6brckZBFhrqbzj4xWvK4"` → Remove the hardcoded key. Use os.environ.get('MINIMAX_API_KEY') to read from environment. Document required env var clearly.	`scripts/mmsearch.py:11`
Critical	Hardcoded MiniMax API Key (Duplicate) Credential Theft Same hardcoded API key appears in mmvision.py `os.environ["MINIMAX_API_KEY"] = "sk-cp-_opubDWoTJY5qpJAoI_AFpXQ_RC4rMuuHzCFeNKLQHwXzykGUAyD-k7wKHiwiGNJB8Op-s_AZqXCeXtSgjBEQMjNHOvGlKutYUx6brckZBFhrqbzj4xWvK4"` → Same as above - remove and use environment variable.	`scripts/mmvision.py:11`
Medium	API Key Disclosure Inadequately Warned Doc Mismatch SKILL.md says 'MINIMAX_API_KEY 环境变量（已内置在脚本中）' which translates to 'built into script'. This downplays the severity - the key is a real credential, not a placeholder or safe default. `MINIMAX_API_KEY 环境变量（已内置在脚本中）` → Clearly document that users should provide their own API key and that no credential is pre-configured.	`SKILL.md:37`
Medium	Environment Variable Overwriting Sensitive Access Scripts overwrite any existing MINIMAX_API_KEY in the environment with a hardcoded value, potentially shadowing user-provided credentials. `os.environ["MINIMAX_API_KEY"] = "sk-cp-..."` → Use os.environ.setdefault() or only set if not already present.	`scripts/mmsearch.py:11`

Resource	Declared	Inferred	Status	Evidence
Shell	`WRITE`	`WRITE`	✓ Aligned	subprocess.Popen in mmsearch.py:18, mmvision.py:18
Environment	`NONE`	`WRITE`	✗ Violation	os.environ assignment in mmsearch.py:11, mmvision.py:11

1 findings

🔗

Medium External URL 外部 URL

https://api.minimaxi.com

scripts/mmsearch.py:11

File Tree

3 files · 7.1 KB · 267 lines

Python 2f · 223L Markdown 1f · 44L

├─ ▾ 📁 scripts

│ ├─ 🐍 mmsearch.py Python 108L · 2.8 KB

│ └─ 🐍 mmvision.py Python 115L · 3.1 KB

└─ 📝 SKILL.md Markdown 44L · 1.3 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`uvx`	`unspecified`	pip	No	Not pinned, used to run minimax-coding-plan-mcp
`minimax-coding-plan-mcp`	`unspecified`	uvx	No	Not pinned, fetched from PyPI at runtime

Security Positives

✓ Subprocess usage is documented and follows expected MCP workflow

✓ No base64 encoding or obfuscation detected

✓ No network exfiltration or C2 communication observed

✓ No credential harvesting from ~/.ssh, ~/.aws, or other sensitive paths

✓ External API calls are limited to documented MiniMax endpoint

Scan Report

Attack Chain 3 steps

Findings 4 items

File Tree

Dependencies 2 items

Security Positives