ClawHub

mini-token-remains

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to check MiniMax API quota, but it can read a local credential file and make an authenticated network request from overly broad trigger phrases.

Install only if you want the skill to access your local MiniMax auth profile and contact MiniMax to check usage. Prefer explicit MiniMax-only phrasing when using it, and review the stored credential source before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases are broad enough that normal conversation like asking about remaining quota or token balance could invoke the skill unintentionally. Because the skill reads a local credential source and then makes an external API request, accidental activation can disclose account-usage metadata or cause unintended network access without clear user intent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example utterances are underspecified and could match generic requests unrelated to this specific service. In context, this is more dangerous than a harmless misfire because activation leads to credential-file access and an outbound request, which expands the consequences beyond merely returning the wrong skill output.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description says it reads the current minimax key from a local credentials file and calls an external endpoint, but it does not clearly warn the user about these sensitive actions before use. This weakens informed consent and can surprise users into allowing local secret access and network transmission in situations where they only expected a passive status check.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal