MiniMax Token Plan Usage Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s monitoring purpose is coherent, but its scripts include hardcoded passwords, OpenClaw auth/session tokens, and a fixed QQ notification recipient instead of user-scoped configuration.
Do not install or run this skill as-is. Ask the publisher to remove all hardcoded passwords, tokens, session keys, paths, and QQ recipients; require credentials through OpenClaw secrets or env vars; verify the notification target; and only then enable any cron schedule.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill could use account or local-agent credentials the user did not configure, and a valid embedded OpenClaw token could bypass normal per-user authorization.
The script embeds a MiniMax password-like secret and an OpenClaw local API bearer token instead of using declared per-user credentials.
const password = 'sym,1998'; ... 'Authorization': 'Bearer 8d9c37620f26ffb66ec81daba1547ac537b6dee5aa0cc8fd'
Do not run as-is. Remove hardcoded secrets, declare required credentials, and read MiniMax/OpenClaw credentials only from per-user secrets or environment variables.
MiniMax usage reports could be sent to a hardcoded QQ target that may not belong to the installing user.
The notification tool is invoked with a fixed QQ recipient rather than a user-configured destination or explicit approval.
const userId = '9BB108CD680D558F5BB78A066DF4FB37'; ... args: { channel: 'qqbot', target: userId, message: message }
Require the notification recipient to be configured by the installing user, avoid embedded targets, and confirm before sending reports through messaging tools.
Actions and messages may be routed through a specific preconfigured agent session rather than the user’s own session boundary.
The script sends a prompt to a hardcoded OpenClaw session through the local chat-completions gateway and asks that session to run a script and notify “me”.
const bbSessionKey = 'agent:bb:qqbot:direct:9bb108cd680d558f5bb78a066df4fb37'; ... path: '/v1/chat/completions' ... '执行MiniMax用量查询脚本并通过QQ发送通知给我。'
Remove hardcoded session keys and agent-to-agent prompts; use an explicit user-selected session with clear authentication and permission boundaries.
Users may underestimate the account and messaging privileges involved before installing or running the skill.
The registry metadata does not disclose credential requirements even though the documentation and code require or embed MiniMax/OpenClaw credentials.
Required env vars: none; Env var declarations: none; Primary credential: none
Update metadata to declare required MiniMax credentials and notification/gateway configuration, and ensure documentation matches the actual code path.
Installing dependencies may pull substantial browser automation code and stealth tooling into the OpenClaw environment.
The skill depends on browser automation packages, including a stealth plugin; this is plausible for scraping but should be reviewed and pinned/declared clearly.
"dependencies": { "playwright": "^1.59.0", "puppeteer-core": "^24.40.0", "puppeteer-extra": "^3.3.6", "puppeteer-extra-plugin-stealth": "^2.11.2" }
Review the lockfile and dependencies before installation, remove unused stealth tooling if not needed, and declare runtime requirements in the skill metadata.
Once enabled, the skill may repeatedly log in to MiniMax, query account data, and write logs without further prompts.
The documentation recommends a recurring cron job, which is purpose-aligned monitoring but creates ongoing background activity.
0 10,12,14,16,18,20,22 * * * /usr/bin/node /root/.openclaw/workspace/skills/minimax-token-plan/scripts/get_token_plan_usage.js >> /root/.openclaw/workspace/skills/minimax-token-plan/cron.log 2>&1
Enable cron only after verifying credentials, recipients, and log locations; document how to disable the schedule.
