mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-04 12:03:33 +00:00
* fix(minimax): bound image/video success response reads MiniMax image generation and video generation (task submit + status poll) read their success responses through unbounded `await response.json()`, so a misbehaving or hostile endpoint could stream an arbitrarily large body into memory before parsing and exhaust the process. Read those success bodies through the shared bounded reader (16 MiB cap, the same limit other bundled providers and the sibling MiniMax web-search provider already use) and cancel the stream on overflow. The error-body path is already bounded via assertOkOrThrowHttpError; this closes the matching success-JSON gap. MiniMax TTS is already bounded and is left unchanged. AI-assisted. * fix(minimax): bound video metadata response reads * fix(minimax): leave image response sizing to image hardening * fix(minimax): bound image/video success response reads MiniMax image generation and video generation (task submit + status poll) read their success responses through unbounded `await response.json()`, so a misbehaving or hostile endpoint could stream an arbitrarily large body into memory before parsing and exhaust the process. Read those success bodies through the shared bounded reader (16 MiB cap, the same limit other bundled providers and the sibling MiniMax web-search provider already use) and cancel the stream on overflow. The error-body path is already bounded via assertOkOrThrowHttpError; this closes the matching success-JSON gap. MiniMax TTS is already bounded and is left unchanged. AI-assisted. * fix(minimax): bound video metadata response reads
MiniMax (OpenClaw plugin)
Bundled MiniMax plugin for both:
- API-key provider setup (
minimax) - Token Plan OAuth setup (
minimax-portal)
Enable
openclaw plugins enable minimax
Restart the Gateway after enabling.
openclaw gateway restart
Authenticate
OAuth:
openclaw models auth login --provider minimax-portal --set-default
API key:
openclaw setup --wizard --auth-choice minimax-global-api
Notes
- MiniMax OAuth uses a user-code login flow.
- OAuth currently targets the Token Plan path.