安全决策报告
minimax-web-search
Hardcoded API key embedded in source code with inadequate security warnings creates critical credential exposure risk.
最直接的威胁证据
严重 凭证窃取
Hardcoded API Key in Source Code A complete MiniMax API key is embedded in plaintext in scripts/mmsearch.py and scripts/mmvision.py. This key grants access to the MiniMax Coding Plan API and can be extracted by anyone with read access to the source code.
scripts/mmsearch.py:11 为什么得出这个结论
1/4 个维度触发 通过
声明与实际能力
声明资源与推断能力基本一致。
复核
隐藏执行与外联
提取到 1 个一般风险产物,需要结合上下文判断。
阻止
攻击链与高危发现
报告包含 4 步攻击链,另有 2 项高危或严重发现。
复核
依赖与供应链卫生
发现 2 项需要关注的依赖或供应链线索。
攻击链
01
API key hardcoded in mmsearch.py line 11
exposure · scripts/mmsearch.py:11
02
API key duplicated in mmvision.py line 11
exposure · scripts/mmvision.py:11
03
Attacker extracts key from source code, uses MiniMax API at victim's expense
最终危害 · scripts/mmsearch.py:11
04
Victim shares skill with exposed credentials in documentation
最终危害 · SKILL.md:31
风险分是怎么被拉高的
Hardcoded API key in source code +35
API key 'sk-cp-_opubDWoTJY5qpJAoI...' embedded in both mmsearch.py and mmvision.py (lines 11 in both)
Credential not protected +15
No attempt to mask or secure the key; exposed in plaintext
Misleading documentation +10
SKILL.md says key is 'built-in' (已内置) presenting it as a feature rather than a security risk
Key exposure surface +8
Key visible in source, commits, and logs if skill is shared/distributed
最关键的证据
严重 凭证窃取
Hardcoded API Key in Source Code
A complete MiniMax API key is embedded in plaintext in scripts/mmsearch.py and scripts/mmvision.py. This key grants access to the MiniMax Coding Plan API and can be extracted by anyone with read access to the source code.
scripts/mmsearch.py:11 Remove the hardcoded key. Read from environment variable MINIMAX_API_KEY with fallback prompt or error. Example: os.environ.get('MINIMAX_API_KEY')
严重 凭证窃取
Duplicate Hardcoded API Key
The same API key is duplicated in scripts/mmvision.py, line 11
scripts/mmvision.py:11 Remove duplicate. Use a shared config or environment variable.
中危 文档欺骗
Misleading Security Documentation
SKILL.md presents the hardcoded key as a feature ('已内置在脚本中' - built into scripts) rather than disclosing it as a security risk. Users may unknowingly share this skill with exposed credentials.
SKILL.md:31 Update documentation to warn users: (1) Key must be rotated if exposed, (2) Key should ideally be provided by users, (3) Do not commit this file to public repos
低危 供应链
Unpinned Dependency Version
The uvx command runs 'minimax-coding-plan-mcp' without version pinning, which could allow a malicious package update
scripts/mmsearch.py:23 Pin to specific version: uvx minimax-coding-plan-mcp==X.Y.Z
声明能力 vs 实际能力
文件系统 通过
声明 READ
→ 推断 READ
SKILL.md declares file access for scripts 网络访问 通过
声明 READ
→ 推断 READ
Makes API calls to api.minimaxi.com 命令执行 通过
声明 WRITE
→ 推断 WRITE
subprocess.Popen for uvx command execution 可疑产物与外联
中危 外部 URL
https://api.minimaxi.com scripts/mmsearch.py:11
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| uvx | * | pip | 否 | CLI tool runner, no known CVEs |
| minimax-coding-plan-mcp | * | uvx | 否 | Version not pinned - potential supply chain risk |
文件构成
3 个文件 · 267 行
Python 2 个文件 · 223 行Markdown 1 个文件 · 44 行
需关注文件 · 3
scripts/mmvision.py Duplicate Hardcoded API Key
scripts/mmsearch.py Hardcoded API Key in Source Code · Unpinned Dependency Version · https://api.minimaxi.com
SKILL.md Misleading Security Documentation
安全亮点
No reverse shell or C2 infrastructure detected
Network calls limited to legitimate API endpoint (api.minimaxi.com)
No credential exfiltration beyond the self-contained API key
subprocess usage is documented and expected for CLI tool wrappers
No base64 obfuscation or anti-analysis techniques
No sensitive file access (no ~/.ssh, ~/.aws, .env reading)