Files
openclaw/extensions/minimax
Alix-007 25e184aeab fix(minimax): bound video control response reads (#96889)
* fix(minimax): bound image/video success response reads

MiniMax image generation and video generation (task submit + status poll)
read their success responses through unbounded `await response.json()`, so
a misbehaving or hostile endpoint could stream an arbitrarily large body
into memory before parsing and exhaust the process. Read those success
bodies through the shared bounded reader (16 MiB cap, the same limit other
bundled providers and the sibling MiniMax web-search provider already use)
and cancel the stream on overflow. The error-body path is already bounded
via assertOkOrThrowHttpError; this closes the matching success-JSON gap.
MiniMax TTS is already bounded and is left unchanged.

AI-assisted.

* fix(minimax): bound video metadata response reads

* fix(minimax): leave image response sizing to image hardening

* fix(minimax): bound image/video success response reads

MiniMax image generation and video generation (task submit + status poll)
read their success responses through unbounded `await response.json()`, so
a misbehaving or hostile endpoint could stream an arbitrarily large body
into memory before parsing and exhaust the process. Read those success
bodies through the shared bounded reader (16 MiB cap, the same limit other
bundled providers and the sibling MiniMax web-search provider already use)
and cancel the stream on overflow. The error-body path is already bounded
via assertOkOrThrowHttpError; this closes the matching success-JSON gap.
MiniMax TTS is already bounded and is left unchanged.

AI-assisted.

* fix(minimax): bound video metadata response reads
2026-06-28 10:52:33 -04:00
..
2026-06-04 21:33:54 -04:00

MiniMax (OpenClaw plugin)

Bundled MiniMax plugin for both:

  • API-key provider setup (minimax)
  • Token Plan OAuth setup (minimax-portal)

Enable

openclaw plugins enable minimax

Restart the Gateway after enabling.

openclaw gateway restart

Authenticate

OAuth:

openclaw models auth login --provider minimax-portal --set-default

API key:

openclaw setup --wizard --auth-choice minimax-global-api

Notes

  • MiniMax OAuth uses a user-code login flow.
  • OAuth currently targets the Token Plan path.