Security Scan
OpenClaw
Safe
high confidence
The skill's files, env usage, and runtime instructions are coherent with its stated purpose (web search and image understanding) though it asks you to install a third‑party tool via a remote install script and to store your API key on disk — both are legitimate for this kind of skill but worth verifying before proceeding.
Assessment recommendations
This skill appears to do what it says: it launches a local MCP process (uvx) and forwards your MINIMAX_API_KEY so the MCP can perform web searches and image analysis. Before installing:
- Review the remote installer it asks you to run (https://astral.sh/uv/install.sh). Don't run curl | sh unless you trust the source; inspect the script first or install 'uv' from a trusted package channel.
- Be aware the skill stores your API key in ~/.openclaw/.env and exports it to the spawned uvx process. If ...
Detailed analysis
✓ Purpose and capabilities
The skill claims web search and image understanding and includes a client that calls tools named web_search and understand_image via a local MCP process. Required items (MINIMAX_API_KEY, optional MINIMAX_API_HOST, Node.js, and the 'uv' runtime/uvx binary) line up with that purpose.
✓ Instruction scope
SKILL.md and the wrapper script limit actions to installing 'uv', storing/loading MINIMAX_API_KEY in ~/.openclaw/.env, and launching the provided Node.js client. The scripts only read the declared ~/.openclaw/.env and do not attempt to read unrelated system paths or other credentials.
⚠ Install mechanism
There is no formal install spec in the manifest; SKILL.md instructs users to run a remote install (curl | sh) from https://astral.sh/uv/install.sh to install 'uv'. Running arbitrary remote install scripts is higher risk — verify the source and script contents before executing.
✓ Credential requirements
Only MINIMAX_API_KEY and MINIMAX_API_HOST are used; these are required and used by the client and forwarded to the spawned 'uvx' process. The quantity and naming of env vars are proportional to the stated functionality.
✓ Persistence and privileges
The skill is not automatically always-enabled and does not request persistent platform privileges. It writes/reads credentials to a user-scoped file (~/.openclaw/.env) which is expected for storing an API key; it does not modify other skills or system-wide settings.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest · v1.0.0 · 2026/2/28
Initial release
● Suspicious
Install command
Official: npx clawhub@latest install minimax-mcp-call
Mirror (accelerated): npx clawhub@latest install minimax-mcp-call --registry https://cn.clawhub-mirror.com
Skill documentation
Web search and image understanding via MiniMax Coding Plan MCP.
Capabilities
| Tool | Description |
|---|---|
| web_search | Search the web for current information, news, weather |
| understand_image | Analyze images, screenshots, diagrams |
Requirements
- MiniMax Coding Plan API Key
- Node.js 18+
- uv (for MCP server)
Setup
- Install uv:
curl -LsSf https://astral.sh/uv/install.sh | sh
- Configure API key:
echo 'MINIMAX_API_KEY=your-coding-plan-key' >> ~/.openclaw/.env
echo 'MINIMAX_API_HOST=https://api.minimaxi.com' >> ~/.openclaw/.env
Usage
# Web search
~/.openclaw/skills/minimax-mcp-call/scripts/mcp_search.sh web_search "search query"
# Image understanding
~/.openclaw/skills/minimax-mcp-call/scripts/mcp_search.sh understand_image "image_url" "question"
Quick Test
~/.openclaw/skills/minimax-mcp-call/scripts/mcp_search.sh web_search "hello"
Data source: ClawHub · Chinese localization: 龙虾技能库