Skill Trust Decision

minimax-web-search

Hardcoded API key embedded in source code with inadequate security warnings creates critical credential exposure risk.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026
Files 3
Artifacts 1
Violations 0
Findings 4
Most direct threat evidence
Critical Credential Theft
Hardcoded API Key in Source Code

A complete MiniMax API key is embedded in plaintext in scripts/mmsearch.py and scripts/mmvision.py. This key grants access to the MiniMax Coding Plan API and can be extracted by anyone with read access to the source code.

scripts/mmsearch.py:11

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

1 lower-risk artifact was extracted and still needs context.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

Attack Chain

01
API key hardcoded in mmsearch.py line 11

exposure · scripts/mmsearch.py:11

02
API key duplicated in mmvision.py line 11

exposure · scripts/mmvision.py:11

03
Attacker extracts key from source code, uses MiniMax API at victim's expense

Impact · scripts/mmsearch.py:11

04
Victim shares skill with exposed credentials in documentation

Impact · SKILL.md:31

What drove the risk score up

Hardcoded API key in source code +35

API key 'sk-cp-_opubDWoTJY5qpJAoI...' embedded in both mmsearch.py and mmvision.py (line 11 in both)

Credential not protected +15

No attempt to mask or secure the key; exposed in plaintext

Misleading documentation +10

SKILL.md says the key is 'built-in' (已内置), presenting it as a feature rather than a security risk

Key exposure surface +8

Key visible in source, commits, and logs if skill is shared/distributed

Most important evidence

Critical Credential Theft

Hardcoded API Key in Source Code

A complete MiniMax API key is embedded in plaintext in scripts/mmsearch.py and scripts/mmvision.py. This key grants access to the MiniMax Coding Plan API and can be extracted by anyone with read access to the source code.

scripts/mmsearch.py:11
Remove the hardcoded key. Read from environment variable MINIMAX_API_KEY with fallback prompt or error. Example: os.environ.get('MINIMAX_API_KEY')

Critical Credential Theft

Duplicate Hardcoded API Key

The same API key is duplicated in scripts/mmvision.py, line 11.

scripts/mmvision.py:11
Remove duplicate. Use a shared config or environment variable.

Medium Doc Mismatch

Misleading Security Documentation

SKILL.md presents the hardcoded key as a feature ('已内置在脚本中' - built into scripts) rather than disclosing it as a security risk. Users may unknowingly share this skill with exposed credentials.

SKILL.md:31
Update documentation to warn users: (1) Key must be rotated if exposed, (2) Key should ideally be provided by users, (3) Do not commit this file to public repos.

Low Supply Chain

Unpinned Dependency Version

The uvx command runs 'minimax-coding-plan-mcp' without version pinning, which could allow a malicious package update.

scripts/mmsearch.py:23
Pin to specific version: uvx minimax-coding-plan-mcp==X.Y.Z

Declared capability vs actual capability

Filesystem Pass
Declared READ
Inferred READ
SKILL.md declares file access for scripts
Network Pass
Declared READ
Inferred READ
Makes API calls to api.minimaxi.com
Shell Pass
Declared WRITE
Inferred WRITE
subprocess.Popen for uvx command execution

Suspicious artifacts and egress

Medium External URL
https://api.minimaxi.com

scripts/mmsearch.py:11

Dependencies and supply chain

| Package | Version | Source | Known vuln | Notes |
| --- | --- | --- | --- | --- |
| uvx | * | pip | No | CLI tool runner, no known CVEs |
| minimax-coding-plan-mcp | * | uvx | No | Version not pinned - potential supply chain risk |

File composition

3 files · 267 lines
Python 2 files · 223 lines
Markdown 1 file · 44 lines
Files of concern · 3
scripts/mmvision.py Python · 115 lines
Duplicate Hardcoded API Key
scripts/mmsearch.py Python · 108 lines
Hardcoded API Key in Source Code · Unpinned Dependency Version · https://api.minimaxi.com
SKILL.md Markdown · 44 lines
Misleading Security Documentation

Security positives

No reverse shell or C2 infrastructure detected
Network calls limited to legitimate API endpoint (api.minimaxi.com)
No credential exfiltration beyond the self-contained API key
subprocess usage is documented and expected for CLI tool wrappers
No base64 obfuscation or anti-analysis techniques
No sensitive file access (no ~/.ssh, ~/.aws, .env reading)