← Back to Skills Marketplace

Minimax Image Gen

Name: Minimax Image Gen
Author: bluestar-34

by Neuroblue · GitHub ↗ · v1.1.0 · MIT-0

cross-platform ⚠ suspicious

283

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install minimax-image-gen

Description

使用 Minimax Image API 生成图片。支持文生图、13+ 种风格预设、跨平台。 neuroXY 专属画图技能！ Use when: 用户想生成图片、AI 画图、创建图像。 NOT for: 视频生成、动画制作。

Usage Guidance

This skill appears to do what it claims (generate images via Minimax) and only requires MINIMAX_API_KEY, but there are two things to check before installing or running it: 1) SSL verification is disabled in the script when calling the API and downloading images (ssl.check_hostname=False; verify_mode=ssl.CERT_NONE). That means an attacker on your network could intercept requests and steal your API key or responses. If you plan to use this skill, either run it only on trusted networks or edit the script to remove the lines that disable certificate verification so TLS is enforced. 2) The script will try to read ~/.openclaw/openclaw.json (and a parent-path variant) to auto-load an API key. If that file contains other credentials, the script will open it while searching for a Minimax key. To minimize risk, prefer supplying MINIMAX_API_KEY via an explicit environment variable and inspect/remove any sensitive keys from the config file first. Other suggestions: review the full script locally before running, confirm the base_url (https://api.minimaxi.com) matches the official endpoint you expect, and run in a contained environment if you are not comfortable modifying the code. If the SSL disabling is fixed and you supply the key via env only, the skill would be coherent and lower-risk.

Capability Analysis

Type: OpenClaw Skill Name: minimax-image-gen Version: 1.1.0 The skill contains a significant security vulnerability by explicitly disabling SSL/TLS certificate verification (ssl.CERT_NONE) in scripts/gen.py during both API communication and image downloads. It also accesses the user's home directory to read a global configuration file (~/.openclaw/openclaw.json) to retrieve API keys. While these behaviors appear aimed at user convenience and avoiding environment-specific certificate issues, they introduce MITM risks and perform unauthorized file access outside the skill's scope.

Capability Assessment

✓ Purpose & Capability

Name, description, SKILL.md, and the included script all align: the tool calls a Minimax image-generation API, accepts prompts/presets, and saves/previews images. Required binary (python3) and required env var (MINIMAX_API_KEY) match the stated purpose.

⚠ Instruction Scope

The SKILL.md and script instruct reading an API key from env or from ~/.openclaw/openclaw.json (documented in SKILL.md). That's reasonable, but the runtime code explicitly disables SSL certificate verification for both the API POST and image downloads (ssl.check_hostname=False; verify_mode=ssl.CERT_NONE). This weakens transport security and could expose the API key or image data to MitM attacks. The script also attempts to read OpenClaw config files in home and parent paths — this is described in SKILL.md but means the skill will try to access local config files that may contain other credentials.

✓ Install Mechanism

No install spec (instruction-only skill) and included Python script; nothing is downloaded or executed from arbitrary URLs during install. Standard library modules are used. Low installation risk, but runtime network activity occurs (to api.minimaxi.com).

ℹ Credentials

The skill only requires MINIMAX_API_KEY (declared as primary credential), which is proportionate. However, the code will also attempt to extract an API key from ~/.openclaw/openclaw.json and a sibling path; if that file contains other provider credentials, the skill will read them while searching for a Minimax key. This behavior is documented but increases the risk surface compared with using only an explicit env var.

✓ Persistence & Privilege

always is false and the skill does not request persistent elevated privileges or modify other skills. It does not self-enable or write system-wide config beyond creating output files in the specified output directory.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install minimax-image-gen
After installation, invoke the skill by name or use /minimax-image-gen
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

minimax-image-gen v1.1.0 introduces major feature updates and improvements: - Added 13 built-in style presets for image generation. - Introduced style type options (e.g., 漫画/元气/中世纪/水彩) for more creative outputs. - Improved cross-platform compatibility for Windows, macOS, and Linux. - Enhanced security features, including better API key handling and encrypted transmission. - Expanded and refined documentation for usage, configuration, and troubleshooting.

Metadata

Slug minimax-image-gen

Version 1.1.0

License MIT-0

All-time Installs 6

Active Installs 5

Total Versions 1

Frequently Asked Questions

What is Minimax Image Gen?

使用 Minimax Image API 生成图片。支持文生图、13+ 种风格预设、跨平台。 neuroXY 专属画图技能！ Use when: 用户想生成图片、AI 画图、创建图像。 NOT for: 视频生成、动画制作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 283 downloads so far.

How do I install Minimax Image Gen?

Run "/install minimax-image-gen" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Minimax Image Gen free?

Yes, Minimax Image Gen is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Minimax Image Gen support?

Minimax Image Gen is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Minimax Image Gen?

It is built and maintained by Neuroblue (@bluestar-34); the current version is v1.1.0.

More Skills