Mixlab Daily Briefing (High-Value Content Filtering)

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to do what it says, but running it will use your Mixdao and MiniMax API keys to generate content and update Mixdao briefing/recommendation data.

Use this skill only if you are comfortable giving it Mixdao and MiniMax API access and allowing it to update Mixdao briefing/recommendation content. Prefer scoped API keys, keep the default/trusted MiniMax base URL, review generated output before publishing when possible, and clean up temp files if the feed content should not remain on disk.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you run step 2, generated briefing/recommendation content can be uploaded to your Mixdao account/service automatically.

Why it was flagged

The script performs PATCH requests to Mixdao endpoints, so running the workflow can change remote Mixdao briefing and recommendation records.

Skill content

const RECOMMENDATION_API_URL = 'https://www.mixdao.world/api/latest/recommendation';
const BRIEFING_API_URL = 'https://www.mixdao.world/api/briefing'; ... method: 'PATCH'

Recommendation

Run it only when you intend to publish/update Mixdao data; consider reviewing the generated markdown or adding a dry-run/confirmation step before PATCH requests.

What this means

Compromise or over-scoping of these keys could allow unwanted Mixdao updates or model API usage.

Why it was flagged

The skill requires credentials for Mixdao account actions and MiniMax model access. This is purpose-aligned, but it is sensitive authority and is not reflected in the registry requirements.

Skill content

| **MIXDAO_API_KEY** | Required. Bearer token for the mixdao API (used to fetch latest and submit recommendations). |
| **ANTHROPIC_API_KEY** | Required. MiniMax API key, used to call MiniMax-M2.5. |

Recommendation

Use least-privilege API keys if available, avoid sharing logs or shell history containing keys, and do not set ANTHROPIC_BASE_URL to an untrusted endpoint.

What this means

A malicious or unusual item in the Mixdao feed could affect the generated summary/recommendation text that later gets uploaded.

Why it was flagged

Fetched item text is included in the model prompt that drives grouping and recommendations; adversarial article text could try to influence model output, though the visible code constrains IDs and JSON structure.

Skill content

text: (it.text || '').slice(0, ITEM_TEXT_PREVIEW_LEN), ... messages: [{ role: 'user', content: userText }]

Recommendation

Review generated recommendations before publication, especially when feed items come from untrusted sources.

What this means

Fetched content remains on disk after the run and may be visible to other local processes or future users of the workspace.

Why it was flagged

The skill stores fetched Mixdao data locally and does not delete it, creating retained context that may contain feed content and generated briefing material.

Skill content

Step 1 writes the raw data to `temp/`; step 2 only reads it and does not delete it.

Recommendation

Delete temp files when no longer needed and avoid running the skill on data you do not want retained locally or sent to MiniMax.