Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MiniMax Token Plan Usage Monitor

v1.2.0

MiniMax Token Plan usage monitor: automatically queries this week's and 5-hour-window usage, remaining plan quota, remaining call count and reset time. Supports multi-channel notifications via QQ/Discord/Telegram, with configurable alert thresholds. Trigger phrases: minimax额度查询, token plan用量, 本周用量, 剩余次数, 订阅状态, minimax coding pla...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals: Crypto (can make purchases)
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The name/description claim a simple MiniMax usage monitor, which aligns with the scraping code, but the skill metadata declares no required env vars while SKILL.md asks for MINIMAX_PHONE and MINIMAX_PASSWORD. Worse, several scripts (check_and_notify.js, mouse_simulation.js, stealth_test.js) hardcode a phone number and password directly in source — inconsistent with promised configuration and surprising for a third-party skill.
Instruction Scope (flagged)
SKILL.md instructs only running the scraper and storing credentials in ~/.env, but the included scripts do more: they perform browser automation (Playwright/puppeteer), try to send local notifications by POSTing to localhost:37701, and cron_send.js posts to /v1/chat/completions with an x-openclaw-session-key. The SKILL.md does not disclose use of local OpenClaw API endpoints, nor the hardcoded session/auth tokens present in code — this expands scope beyond 'scrape and print' to interacting with local agent/gateway services.
Install Mechanism
There is no install spec (instruction-only) which is lower-risk, but a full package.json and package-lock.json are bundled, declaring heavy dependencies (playwright, puppeteer, stealth plugins). The scripts also reference a hardcoded Chromium executablePath in a user-specific cache. Installing these dependencies will pull many packages; the lack of an install step in SKILL.md is a mismatch and requires manual npm install and browser setup by the user.
Credentials (flagged)
SKILL.md asks for MINIMAX_PHONE and MINIMAX_PASSWORD in ~/.env, which is reasonable. However, code contains multiple hardcoded sensitive values: an account phone/password pair ('15605428773' / 'sym,1998') embedded in check_and_notify.js, mouse_simulation.js, stealth_test.js; a userId ('9BB108CD...') and a bearer token ('8d9c37620f26f...') used to call localhost:37701; and a bb session key in cron_send.js. These hardcoded credentials are unnecessary for the stated purpose (they should be read from config or left to the user) and create a high-risk credential/privilege mismatch.
Persistence & Privilege
always:false (no forced persistence), which is appropriate. However, the skill is written to interact with local OpenClaw endpoints (localhost:37701) using hardcoded auth/session keys; if those tokens are valid on the host, the skill can trigger messages and BB sessions — giving it the ability to send messages or trigger local agent actions. This combination (local gateway access + hardcoded token) elevates risk even without always:true.
What to consider before installing
- Do NOT assume the hardcoded values are harmless. The code includes an actual phone/password pair and a bearer token/session key that call localhost:37701. If those tokens are valid on your host, the skill can send messages and trigger local sessions without your further consent.
- The SKILL.md claims credentials come from ~/.env but several scripts ignore that and use embedded credentials — this mismatch is suspicious. Ask the author to remove any hardcoded secrets and to make the script read only from explicit, documented config.
- The skill uses Playwright/puppeteer with stealth plugins and a hardcoded Chromium path; installing it will pull large npm deps and require a browser — run in an isolated environment or container if you test it.
- If you need this functionality: (1) request the author remove embedded credentials and tokens, (2) replace them with documented env vars only, (3) verify there are no hardcoded Authorization/Bearer values, and (4) run the code in a sandboxed user account with no access to production OpenClaw tokens. Rotate any local gateway tokens if you suspect they were leaked.
- If you do not trust the source, avoid installing. The combination of hardcoded creds + local gateway calls is a real risk even though the scraping functionality itself is plausible.

Confidence notes: assessment is based on the shipped source; I rated this 'suspicious' (not 'malicious') because the primary functionality (browser scraping) is coherent with the description — but the hardcoded credentials and local gateway tokens are unexplained and disproportionate, which warrants caution. Additional information that would raise confidence: author identity, explanation for embedded tokens, or a cleaned code release with all secrets removed and clear runtime env usage.



