ClawHub

Openclaw Skill Minimax Tracker

PassAudited by ClawScan on May 1, 2026.

Overview

This tracker appears benign: it locally records MiniMax usage counts and offers optional scheduled reminders, with no credential use or hidden network behavior shown.

This skill is reasonable for local MiniMax usage tracking. Before installing, note that it saves a local usage-history file and that the scheduled reminder example will create recurring agent activity if you configure it. If using the GitHub clone instructions, verify the repository contents match the reviewed files.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Info
#ASI06: Memory and Context Poisoning
What this means

Local usage counts and timestamps will remain on disk and may affect future usage reports.

Why it was flagged

The skill intentionally keeps persistent local usage records, which is expected for a tracker but means future status output depends on saved state.

Skill content
Usage data is stored in: ~/.openclaw/workspace/minimax_usage_data.json
Recommendation

Install only if you are comfortable with local usage history being stored, and delete the JSON file if you want to reset or remove that history.

Low
#ASI10: Rogue Agents
What this means

If you set up the cron reminder, the agent may run this status command every three hours.

Why it was flagged

The documentation shows an optional recurring agent turn for reminders. It is disclosed and limited to displaying compact usage status.

Skill content
"schedule": "0 */3 * * *", "payload": { "kind": "agentTurn", "message": "Run: python3 ~/openclaw-workspace/skills/openclaw-skill-minimax-tracker/minimax_tracker.py compact" }
Recommendation

Use the scheduled reminder only if you want recurring checks, and ensure your scheduler entry runs only the documented compact status command.

Info
#ASI04: Agentic Supply Chain Vulnerabilities
What this means

If you install from the external repository instead of the reviewed package, you may receive code that differs from these artifacts.

Why it was flagged

The README suggests installing from an external GitHub repository, while the registry metadata lists the source as unknown. This is not suspicious by itself, but users should verify provenance when cloning.

Skill content
git clone https://github.com/QiaoTuCodes/openclaw-skill-minimax-tracker.git
Recommendation

Prefer the reviewed package or verify the repository, commit, and file contents before installing from GitHub.