Back to skill

Security audit

MiniMax Token Plan Usage Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill’s monitoring purpose is coherent, but its scripts include hardcoded passwords, OpenClaw auth/session tokens, and a fixed QQ notification recipient instead of user-scoped configuration.

Do not install or run this skill as-is. Ask the publisher to remove all hardcoded passwords, tokens, session keys, paths, and QQ recipients; require credentials through OpenClaw secrets or env vars; verify the notification target; and only then enable any cron schedule.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.