Kimi Quota
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned Kimi usage checker, but it handles and saves a Kimi login cookie, so users should treat it like account access.
This skill looks coherent for checking Kimi quota. Before using it, understand that the Kimi cookie is a login credential, install cryptography before saving it, keep the saved config file private, and clear the saved cookie when you no longer need automatic queries.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything that can read or use the saved cookie may be able to access Kimi account information as the user.
The skill asks the user to provide and persist a Kimi authentication cookie. This is coherent with querying account quota, but the cookie is effectively account session access.
python3 scripts/check_quota.py --cookie "kimi-auth=xxx" --save ... Storage location: `~/.config/kimi-quota/cookie.enc`
Only use this on a trusted machine, provide only the Kimi cookie requested, and run the documented clear command when you no longer need saved login state.
If cryptography is not installed and the user saves a cookie, the login cookie may be stored unencrypted on disk.
The code warns that if the cryptography package is missing, the saved cookie will be stored in plaintext. This partially qualifies the documentation's encrypted-storage safety claim.
CRYPTO_AVAILABLE = False
print("警告: 未安装 cryptography,Cookie 将以明文存储")
Install cryptography before using --save, or avoid saving the cookie and clear any saved state if encryption was unavailable.
Installing packages from the Python package index introduces normal third-party dependency risk.
The skill relies on external Python packages installed via an unpinned pip command. This is normal for a Python integration, but users should be aware of the dependency source.
pip install requests cryptography
Install dependencies from trusted environments and consider pinning or reviewing package versions if used in a sensitive setup.
