MiniMax Vision Captcha

使用MiniMax视觉模型识别图片中的验证码、滑块位置、文字内容等。适用于需要AI视觉分析的场景，如微信验证码识别、网页截图分析、图片文字提取。当需要识别图片内容、分析验证码、提取截图信息时使用此技能。

This skill appears to do what it claims (solve captchas using a MiniMax visual service) but you should be cautious before installing: 1) The included script runs a shell command via execSync with prompt and image path interpolated verbatim — this is vulnerable to command injection if those values include malicious characters. Prefer a version that calls mcporter with an argument array (spawn/execFile) or properly escapes inputs. 2) The script will read the latest PNG from /root/.openclaw/media/browser if no image is given; make sure you are comfortable with the skill accessing that directory and that no sensitive screenshots could be sent to the MCP. 3) SKILL.md mentions MiniMax MCP must be configured, but the skill does not declare what credentials or endpoints are required — verify how mcporter is configured and where image data will be sent. 4) The skill author/source is not clearly verified (marketplace.json lists an author/link but the package source/homepage are missing) — consider running in a sandbox, review or rewrite the script to sanitize inputs, and confirm compliance with any site/service terms (captcha bypassing can violate terms of service).

Type: OpenClaw Skill Name: minimax-vision-captcha Version: 1.0.0 The `scripts/solve-captcha.js` file contains a shell injection vulnerability. User-controlled inputs (`prompt` and `imagePath`) are directly interpolated into a command string executed via `child_process.execSync` without proper sanitization or escaping. This allows an attacker to execute arbitrary commands by crafting the `--prompt` or `--image` arguments, posing a significant remote code execution risk. This is a vulnerability rather than intentional malice.