Skill v1.0.0

ClawScan security

MiniMax套餐查询 (MiniMax plan query) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 4:23 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it says (opens the MiniMax billing page and scrapes plan/usage info), but the code also extracts API key-like strings from the page without documenting this in SKILL.md — a potentially sensitive, disproportionate action.
Guidance
This skill will open a local browser and scrape the MiniMax billing page for plan/usage information. However, its code also searches the page text for API-key-like strings (regex for 'sk-cp-...') and will print/return any matches — a sensitive behavior that is not documented in SKILL.md. Before installing or running:
1) Inspect the script yourself or ask the publisher to explicitly disclose API-key extraction and whether keys are stored, transmitted, or logged.
2) If you want only plan/usage info, remove or disable the api_key extraction lines in scripts/get_plan.py (the JS evaluation and the regex for sk-cp-...).
3) Run the script in a trusted, isolated environment and do not run it while unrelated accounts/pages are open in the same browser profile (the script can read any DOM the browser can access).
4) Consider changing prints to redact keys (e.g., show only the last 4 characters) and avoid returning secrets in machine-readable results.
If the publisher cannot justify extracting keys, treat this as a reason not to use the skill.

Review Dimensions

Purpose & Capability
note
The skill's stated purpose is to retrieve MiniMax plan/usage info; the script automates a browser to open the MiniMax billing page and scrape text, which is a plausible implementation. However, the code also searches for API keys (pattern sk-cp-...) which is not mentioned in the SKILL.md outputs — this extra capability should be explicitly documented.

Instruction Scope
concern
SKILL.md instructs the user to run the provided script and describes returned fields (plan name, quota, usage); it does not mention extracting API keys. The script evaluates page DOM and runs regex to find API keys and returns/prints them. That is scope creep: the runtime instructions do not disclose that secrets visible in the page will be extracted and printed.

Install Mechanism
ok
No install spec in the registry; the script requires the third-party package Playwright and a browser runtime (the script prints a message to pip install/playwright install chromium). This is expected for browser automation and no arbitrary remote downloads or obscure installers are embedded in the skill bundle.

Credentials
concern
The skill does not request environment variables, which is good, but it programmatically searches the page for API keys and prints them. Extracting and exposing API keys (or other secrets displayed in the page) is a sensitive action not justified or disclosed by the SKILL.md output list.

Persistence & Privilege
ok
The skill is not always-enabled and does not request persistent privileges or modify other skills or system-wide configuration. It runs as an on-demand local script and opens a visible browser instance (headful).
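The Guidance section and the Credentials dimension above both come down to the same fix: scrub key-like strings from the scraped page text before any field is extracted, so that a secret can never end up in printed output or in the machine-readable result. The block below is an added illustration written for this review and is not the skill's own scripts/get_plan.py. The billing-page field labels, the sample page text, and the exact character class of the 'sk-cp-' pattern are all assumptions (the scan only says the script greps for 'sk-cp-...'); naive_extract reconstructs the flagged behavior from the scanner's description, and safe_extract shows the hardened form.

```python
import re
from typing import Any, Dict

# Key-like token pattern. The review only states that the script looks for
# 'sk-cp-...'; the allowed characters and minimum length here are assumptions.
KEY_PATTERN = re.compile(r"sk-cp-[A-Za-z0-9_\-]{8,}")

# Constructed sample of scraped billing-page text (not real MiniMax output).
# The field labels are assumptions used only to make the example runnable.
SAMPLE_PAGE_TEXT = """
Current plan: Coding Plan Pro
Monthly quota: 10000 requests
Used this month: 2450 requests
Your API key: sk-cp-EXAMPLEKEY0123456789abcd
"""

# Label regexes for the plan/usage fields SKILL.md says the script returns.
FIELD_PATTERNS = {
    "plan": re.compile(r"Current plan:\s*(.+)"),
    "quota": re.compile(r"Monthly quota:\s*(.+)"),
    "used": re.compile(r"Used this month:\s*(.+)"),
}


def parse_fields(text: str) -> Dict[str, str]:
    """Extract plan/usage fields from page text. Does no scrubbing itself."""
    result: Dict[str, str] = {}
    for name, pattern in FIELD_PATTERNS.items():
        match = pattern.search(text)
        if match:
            result[name] = match.group(1).strip()
    return result


def redact_key(token: str, keep: int = 4) -> str:
    """Keep the 'sk-cp-' prefix and only the last `keep` characters."""
    return f"{token[:6]}...{token[-keep:]}"


def scrub_text(text: str) -> str:
    """Replace every key-like token in free text with its redacted form."""
    return KEY_PATTERN.sub(lambda m: redact_key(m.group(0)), text)


def contains_secret(obj: Any) -> bool:
    """Walk a result structure and report whether any string still holds a key."""
    if isinstance(obj, dict):
        return any(contains_secret(v) for v in obj.values())
    if isinstance(obj, (list, tuple)):
        return any(contains_secret(v) for v in obj)
    return isinstance(obj, str) and KEY_PATTERN.search(obj) is not None


def naive_extract(page_text: str) -> Dict[str, str]:
    """The behavior the scan flagged, reconstructed from its description:
    grep the raw DOM text for a key and return it next to the plan data."""
    info = parse_fields(page_text)
    match = KEY_PATTERN.search(page_text)
    if match:
        info["api_key"] = match.group(0)  # secret leaks into the result
    return info


def safe_extract(page_text: str) -> Dict[str, str]:
    """Hardened form: scrub before parsing, then refuse to return anything
    that still carries a key (guards against an over-broad field regex)."""
    info = parse_fields(scrub_text(page_text))
    if contains_secret(info):
        raise RuntimeError("refusing to return a result containing an API key")
    return info


if __name__ == "__main__":
    print("flagged behavior:", naive_extract(SAMPLE_PAGE_TEXT))
    print("hardened:", safe_extract(SAMPLE_PAGE_TEXT))
```

Scrubbing happens on the whole page text rather than on individual fields, so a later change to a field regex cannot reintroduce the leak, and contains_secret is a last-line check that is cheap to keep in front of any print or JSON dump. For the isolation point in the Guidance, running the scrape inside a freshly created Playwright context (browser.new_context()) instead of a persistent user profile also keeps other accounts' sessions out of the DOM the script can read.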