ClawHub

Kimi Code Quota

v1.0.0

Query Kimi Code Plan quota and usage information. Use when the user wants to check their Kimi Code subscription quota, usage percentage, reset time, or API k...

0· 96·1 current·1 all-time
by@doraohm1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (checking Kimi Code quota and API key status) align with the instructions: open kimi.com, enter console, capture usage and API key info. No unrelated binaries, env vars, or installs are requested.
Instruction Scope
Instructions direct the agent to browse the user's Kimi Code account, take snapshots/screenshots, and read quota, usage, and API Keys (partially hidden). Accessing API Keys and recent usage is sensitive but consistent with the stated functionality; the skill does not instruct the agent to read local files or other unrelated system data. The agent will prompt the user to log in if necessary (WeChat/phone), which is appropriate but worth noting as it may require user interaction.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install profile.
Credentials
No environment variables, credentials, or config paths are requested. The sensitive items the skill reads (API keys, usage) are obtained via the user's authenticated web session and are relevant to the purpose.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request permanent/system-wide privileges or modify other skills' configs.
Assessment
This skill will open a browser and interact with your Kimi Code account pages to read quota, usage, and API Key info and will take screenshots of those pages. That's consistent with its purpose, but consider: only use it if you are comfortable letting the agent view your account pages and potentially capture screenshots that include partial API keys or usage logs. Do not provide external credentials to the skill — it expects you to authenticate via the website. If you share a device or are concerned about screenshots, avoid installing or revoke/regenerate any API keys after use. If you want stronger guarantees, ask for an explicit list of exact page elements the skill will capture or test it with a throwaway account first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ege51rbh7vzbj2ycq3yxt2d83sbny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments