MiniMax Token Used Query

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to check MiniMax token usage, but it controls a real browser profile and can store/reuse MiniMax login credentials in a plaintext local file.

Review before installing. Only use this if you are comfortable letting it operate your real Chrome Default profile and MiniMax account. Prefer a dedicated browser profile, do not save passwords in the workspace, delete minimax-login.txt and /tmp/minimax-token-query.png if created, and rotate credentials if they were stored unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 78%
Finding:
The documentation frames the skill as merely using local browser automation instead of APIs, but elsewhere it collects and persists login credentials locally. That mismatch can mislead users about the sensitivity of the operation and obscure that the skill handles secrets, increasing the chance users consent without understanding the risk.

Intent-Code Divergence

Severity: Medium
Confidence: 74%
Finding:
The skill describes one login path as SMS-based, then later switches to a default password-based flow with persistence. This inconsistency is security-relevant because reviewers and users cannot reliably determine what credentials will be requested, stored, or reused, which undermines informed consent and safe handling of secrets.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The header presents the script as a simple token-usage query, but the implementation also automates login and handles credential storage. This mismatch is security-relevant because it can mislead users into running a script with broader access and sensitive-data handling than advertised.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill persists login credentials to a local file for reuse but does not present a prominent warning near the main description or invocation path. Storing credentials without clear upfront notice creates a substantial risk of secret exposure through weak file permissions, backups, logs, shared accounts, or later compromise of the host environment.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script silently reads phone and password values from a local memory file and then uses them to log into a real account. Handling credentials without an explicit warning or consent increases the chance of unintended credential use and makes secret access less visible to the operator.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The script writes the account phone number and password in plaintext to disk, creating a persistent secret that can be recovered by other local processes, backups, or later compromise of the workspace. Although file permissions are tightened afterward, plaintext-at-rest storage remains risky and expands the blast radius of any local access.

Ssd 3

Severity: High
Confidence: 98%
Finding:
The skill explicitly instructs saving user login credentials in persistent memory at `~/.openclaw/workspace/memory/minimax-login.txt` for later automatic reuse. Persisting authentication secrets in a local file materially increases the risk of credential theft by other local users, malware, backups, source-control accidents, or any process with filesystem access, especially if the file is plaintext or broadly readable.

VirusTotal

VirusTotal findings are pending for this skill version.
