国内Minimax Coding Plan订阅计划用量查询
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Minimax usage-checking purpose, but its script reads and executes a parent-directory .env file that is not what the documentation or metadata declares.
Review and fix the .env loading path before installing. The Minimax API request itself is purpose-aligned, but you should only run this after confirming exactly which .env file will be read, that it contains only the intended Minimax variables, and that the documented script name matches the actual file.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill could execute shell content from an unexpected parent .env file, not just read the two Minimax variables.
The script shell-sources a .env file two directories above the script. In bash, sourcing a file can execute commands in that file, and this path conflicts with the documented same-directory .env setup.
source "$(dirname "$0")/../../.env"
Change the script to load only the documented same-directory .env file, parse only the needed variables without shell-sourcing arbitrary content, and document the exact path used.
Users may not realize the skill needs account-level Minimax credentials or where it will read them from.
The skill uses a Minimax bearer API key, but the registry metadata declares no primary credential and no required environment variables, and the script obtains it from a broader parent .env path.
API_KEY="${MINIMAX_CODING_API_KEY}" ... --header "authorization: Bearer $API_KEY"Declare MINIMAX_CODING_API_KEY and MINIMAX_GROUP_ID in metadata, document the credential scope, and keep credential loading limited to the expected file.
A user may try to run a missing or different script than the one reviewed.
The documented command references minimax-usage.sh, while the provided file manifest contains minimax-coding-plan-usage.sh. This packaging mismatch is not malicious by itself, but it can confuse which file should be run.
./minimax-usage.sh
Align the documented command, included filename, and script comments; also declare runtime dependencies such as curl and jq.