Security Decision Report

minimax-cp

Hardcoded MiniMax API key exposed in source code creates severe credential theft risk; documented as 'built-in' but not flagged as a critical secret.

Install decision first · Source: manual upload · Scan time: 2026/4/4
Files 3
IOC 1
Overreach items 1
Findings 4
Most direct threat evidence
Critical · Credential theft
Hardcoded MiniMax API Key Exposed

A real MiniMax API key (sk-cp-...) is hardcoded in plaintext in both mmsearch.py and mmvision.py. If this repo is leaked, shared, or committed to version control, the credential is compromised.

scripts/mmsearch.py:11

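Why this conclusion was reached

2/4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability or overreach behavior beyond what is declared.

Review
Hidden execution and outbound connections

Extracted 1 general-risk artifact; it needs to be judged in context.

Block
Attack chain and high-risk findings

The report contains a 3-step attack chain, plus 2 high or critical findings.

Review
Dependency and supply-chain hygiene

Found 2 dependency or supply-chain indicators that need attention.

Attack chain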

01
Attacker obtains source code (repo leak, git history, or shared archive)

reconnaissance · scripts/mmsearch.py:11

02
Attacker extracts hardcoded API key and uses it for unauthorized API calls at victim's expense

Final impact · scripts/mmsearch.py:11

03
Victim may exceed API quota or incur charges from key abuse

Final impact · scripts/mmsearch.py:11

How the risk score was raised

Hardcoded API key in source code +40

MiniMax API key 'sk-cp-...' embedded in plaintext in scripts/mmsearch.py and scripts/mmvision.py

Documentation deception +15

SKILL.md mentions 'built-in' key but fails to warn this is a real exposed credential

Shell execution (subprocess) +10

Uses subprocess.Popen with uvx, declared in docs but adds attack surface

Key evidence

Critical · Credential theft

Hardcoded MiniMax API Key Exposed

A real MiniMax API key (sk-cp-...) is hardcoded in plaintext in both mmsearch.py and mmvision.py. If this repo is leaked, shared, or committed to version control, the credential is compromised.

scripts/mmsearch.py:11
Remove the hardcoded key. Use os.environ.get('MINIMAX_API_KEY') to read from environment. Document required env var clearly.
Critical · Credential theft

Hardcoded MiniMax API Key (Duplicate)

Same hardcoded API key appears in mmvision.py

scripts/mmvision.py:11
Same as above - remove and use environment variable.
Medium · Documentation deception

API Key Disclosure Inadequately Warned

SKILL.md says 'MINIMAX_API_KEY 环境变量(已内置在脚本中)' which translates to 'built into script'. This downplays the severity - the key is a real credential, not a placeholder or safe default.

SKILL.md:37
Clearly document that users should provide their own API key and that no credential is pre-configured.
Medium · Sensitive access

Environment Variable Overwriting

Scripts overwrite any existing MINIMAX_API_KEY in the environment with a hardcoded value, potentially shadowing user-provided credentials.

scripts/mmsearch.py:11
Use os.environ.setdefault() or only set if not already present.

Declared vs. actual capabilities

Command execution · Pass
Declared WRITE
Inferred WRITE
subprocess.Popen in mmsearch.py:18, mmvision.py:18
Environment variables · Block
Declared NONE
Inferred WRITE
os.environ assignment in mmsearch.py:11, mmvision.py:11

Suspicious artifacts and outbound connections

Medium · External URL
https://api.minimaxi.com

scripts/mmsearch.py:11

Dependencies and supply chain

Package  Version  Source  Vulnerabilities  Notes
uvx unspecified pip Not pinned, used to run minimax-coding-plan-mcp
minimax-coding-plan-mcp unspecified uvx Not pinned, fetched from PyPI at runtime

File composition

3 files · 267 lines
Python 2 files · 223 lines
Markdown 1 file · 44 lines
Files needing attention · 3
scripts/mmvision.py Python · 115 lines
Hardcoded MiniMax API Key (Duplicate)
scripts/mmsearch.py Python · 108 lines
Hardcoded MiniMax API Key Exposed · Environment Variable Overwriting · https://api.minimaxi.com
SKILL.md Markdown · 44 lines
API Key Disclosure Inadequately Warned

Security highlights

Subprocess usage is documented and follows expected MCP workflow
No base64 encoding or obfuscation detected
No network exfiltration or C2 communication observed
No credential harvesting from ~/.ssh, ~/.aws, or other sensitive paths
External API calls are limited to documented MiniMax endpoint