Skill v1.0.0
ClawScan security
Claude Code MiniMax Configuration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 4:37 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The instructions generally match the stated goal (point Claude Code at MiniMax), but the skill metadata omits the required API key and the guide recommends installing a third‑party brew/cask (and editing home config files), so there are coherence and supply‑chain concerns you should review before proceeding.
- Guidance
- What to consider before installing/using this skill:
  - Metadata mismatch: the SKILL.md expects you to have a MiniMax API key and to set ANTHROPIC_* variables, but the skill declares no required credentials — treat that as an omission and don't assume harmless defaults.
  - Verify third‑party tooling: the guide recommends installing 'cc-switch' from a third‑party brew tap / GitHub repo. Before installing, review the project's source, releases, and maintainer reputation; avoid installing unknown taps or binaries you can't verify.
  - Protect your API key: prefer setting API keys in ephemeral environment variables or an OS credential store rather than embedding them in ~/.claude/settings.json or editor settings. If you must store them, ensure the files are excluded from backups and git (add to .gitignore).
  - Be cautious clearing Anthropic env vars: removing or changing ANTHROPIC_AUTH_TOKEN/ANTHROPIC_BASE_URL can break other workflows that use Anthropic; back up current settings first.
  - Trusting folders: the claude CLI may ask to 'Trust This Folder' to allow read/write — only grant that to directories you control and have reviewed.
  - Validate endpoints: confirm https://api.minimaxi.com and platform.minimaxi.com are the official MiniMax endpoints and review their docs/privacy/policy.

  If you want, I can: (1) extract exactly which files and env vars the guide will change, (2) produce safer alternative commands that avoid writing secrets to disk, or (3) help you vet the cc-switch GitHub repo for signs of trustworthiness.
Review Dimensions
- Purpose & Capability
- concern: The skill's stated purpose is to configure Claude Code to use the MiniMax-M2.5 model, and the SKILL.md does provide concrete steps to do that (editing ~/.claude/settings.json, setting ANTHROPIC_* env vars, configuring VS Code). However the metadata declares no required environment variables or primary credential while the instructions explicitly require a MiniMax API Key and setting ANTHROPIC_AUTH_TOKEN — a mismatch that reduces transparency and is concerning.
- Instruction Scope
- note: Most instructions stay within configuration tasks for Claude Code (editing ~/.claude/settings.json and ~/.claude.json, setting env vars, configuring VS Code). The doc also instructs users to clear Anthropic-related environment variables and to 'Trust This Folder' when launching claude (which grants the tool permission to read/write project files). Those are within the scope of reconfiguring the client, but the guidance to clear env vars and to trust folders is impactful and should be done deliberately.
- Install Mechanism
- concern: There is no install spec in the skill bundle, but the instructions recommend installing 'cc-switch' via a third‑party brew tap (farion1231/ccswitch) or downloading releases from a GitHub repo. That directs users to add an unverified tap and install a GUI cask from an external maintainer — a supply‑chain risk. The skill itself does not provide provenance or hashes for that tool.
- Credentials
- concern: The guide requires a MiniMax API Key and asks the user to set it as ANTHROPIC_AUTH_TOKEN (and other ANTHROPIC_* variables) in config files or VS Code settings, but the skill metadata lists no required env vars or primary credential. Requiring a secret while declaring none is a transparency gap. Storing API keys in persistent home config files or editor settings can leak secrets if those files are backed up or committed; the guide warns not to commit keys but still shows examples that embed them inline.
- Persistence & Privilege
- ok: The skill is instruction-only with no install spec and does not request 'always:true' or other elevated privileges. It does not modify other skills or system-wide agent settings directly. The main persistence concern is the user's decision to store the API key and model settings in home config files (user-controlled).
