Security audit

Minimax Usage Cn

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow Minimax quota checker that uses a declared API key to call the Minimax usage endpoint, with only optional cron guidance for recurring checks.

Install only if you are comfortable providing MINIMAX_API_KEY for Minimax quota checks. Use a dedicated or least-privilege key if available, keep it out of shared logs, and only add the cron example if you intentionally want hourly background checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: ```bash # 编辑 crontab crontab -e # 添加以下行（每小时检查并记录） 0 * * * * cd /home/rocfly/.openclaw/workspace/skills/minimax-usage-cn/scripts && ./minimax-usage.sh >> /home/rocfly/.openclaw/workspace/logs/minimax-usage.log 2>&1
Confidence: 79% confidence
Finding: crontab -e

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.