Skill v1.0.4

ClawScan security

MiniMax Token Used Query · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 3:02 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill does what it claims (automates a local browser to read MiniMax usage) but includes sensitive behaviors—saving plaintext credentials to a workspace file and operating on the Default browser profile—that increase risk and deserve user review.
Guidance
This skill does what it says — it automates your local browser to log in and scrape MiniMax usage — but it stores credentials in plaintext in ~/.openclaw/workspace/memory/minimax-login.txt and uses your Chrome 'Default' profile (which may expose other logged-in sessions). Before installing: (1) inspect or run the scripts locally to confirm their behavior; (2) consider creating and using a dedicated browser profile for this skill instead of 'Default'; (3) avoid storing passwords: remove the memory file or rotate the stored credentials after use, or modify the script so it stores only ephemeral tokens if possible; (4) verify that the 'browser-use' CLI is a trusted tool on your machine; (5) be aware that the Node quick script contains a syntax bug and may not work as-is. If you are uncomfortable storing credentials or giving the skill access to your default browser profile, either do not install it, or modify the scripts to eliminate persistent plaintext storage.
Findings
[NONE] expected: No automated regex-based scan findings were reported. Manual review found no network exfiltration endpoints in the scripts; they rely on the browser to contact minimaxi.com.
[JS_SYNTAX_ERROR] unexpected: query-quick.js contains a malformed line ('execSyncfunction run(command) {') which is a bug. This is not expected for a working quick-query script and may cause runtime failure.

Review Dimensions

Purpose & Capability
[ok] Name/description match implementation: scripts automate a local Chrome session (via browser-use) to open the MiniMax coding plan page and scrape token usage. No unrelated cloud credentials, binaries, or external services are requested.
Instruction Scope
[concern] SKILL.md and scripts instruct the agent to open the user's local Chrome profile, perform login flows, scrape DOM text, and save login credentials to a local memory file (~/.openclaw/workspace/memory/minimax-login.txt). Saving credentials and using the Default profile expands scope beyond read-only querying and may expose other logged-in accounts or data in that profile.
Install Mechanism
[ok] No install spec or remote downloads; this is instruction-only plus included scripts. No remote code fetches or archive extraction were found in the provided files.
Credentials
[concern] The skill requests no environment variables, which is appropriate, but it writes/reads a plaintext credential file inside the user's workspace and operates on the browser 'Default' profile. Persisting passwords in plaintext and using the main browser profile are disproportionate from a least-privilege perspective and increase exposure.
Persistence & Privilege
[note] 'always' is false and the skill does not attempt to modify other skills or global agent settings. It does persist credentials to a memory file under the user's workspace (and sets chmod 600), which is normal for convenience but is persistent sensitive state that the user should be aware of.