Security audit
MiniMax Token Plan Usage Monitor
Security checks across malware telemetry and agentic risk
Overview
The skill’s monitoring purpose is coherent, but its scripts include hardcoded passwords, OpenClaw auth/session tokens, and a fixed QQ notification recipient instead of user-scoped configuration.
Do not install or run this skill as-is. Ask the publisher to remove all hardcoded passwords, tokens, session keys, paths, and QQ recipients; require credentials through OpenClaw secrets or env vars; verify the notification target; and only then enable any cron schedule.
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
