MiniMax Plan Query

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is mostly a MiniMax plan checker, but its script also searches for and prints a MiniMax API key, which is sensitive and not part of the described quota lookup.

Use caution before installing or running this skill. Browser access to the MiniMax billing page is expected, but the API-key scraping/output is not necessary for checking plan usage. Prefer a version that removes API key extraction, and rotate any key that may have already been displayed.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A MiniMax API key could be exposed in terminal output, agent conversation context, logs, or screenshots. If someone else obtains it, they may be able to use the associated MiniMax API access.

Why it was flagged

The script searches the authenticated page for a MiniMax API key and prints it, even though the skill is described as checking plan, quota, and billing usage.

Skill content

key_match = re.search(r'(sk-cp-[a-zA-Z0-9]+)', text_content) ... extracted['api_key'] = key_match.group(1) ... print(f"  API Key: {result['api_key']}...")

Recommendation

Do not use this version unless the API-key extraction and output are removed or made explicitly optional with clear user consent. Rotate any MiniMax key that may have been exposed.

What this means

When run, the script can view the contents of the MiniMax account page opened in the browser.

Why it was flagged

The skill uses Playwright to open a MiniMax account page and scrape the page text. This is expected for the stated browser-based quota lookup, but it does access authenticated account content.

Skill content

browser = await p.chromium.launch(headless=False, slow_mo=300) ... await page.goto(MINIMAX_URL ... text_content = await page.evaluate("""() => { return document.body.innerText; }""")

Recommendation

Run it only when you intentionally want the agent/script to inspect that MiniMax page, and verify the browser is on the expected MiniMax URL.

What this means

Users may be prompted to install additional packages and browser binaries outside the registry's declared dependency flow.

Why it was flagged

The script requires Playwright and browser installation, but the provided install specification declares no install steps or dependencies.

Skill content

print("请先安装 playwright: pip install playwright && playwright install chromium")

Recommendation

Declare the Playwright dependency and installation steps explicitly, ideally with pinned versions and official installation guidance.