Minimax Token
PassAudited by ClawScan on May 10, 2026.
Overview
This skill’s stated purpose is coherent, but it expects MiniMax/Telegram credentials and references script/service files that are not included in the supplied package.
Before using this skill, obtain and inspect the missing Python script and systemd service from a trusted source, provide only the credentials needed, and enable scheduled Telegram monitoring only if you are comfortable with ongoing checks and external notifications.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The documented commands may fail or depend on code obtained elsewhere, and users cannot verify from this package how their API key would be handled.
The skill tells users to run or copy helper files, but the supplied artifact manifest contains only README.md and SKILL.md. That makes the actual implementation unavailable for review.
python3 minimax_token.py --check ... scripts/\n ├── minimax_token.py # 主脚本\n └── minimax-token.service # systemd 服务配置
Only run the referenced script or service after inspecting the actual files from a trusted source; the package should include those files or remove the instructions.
Anyone running the implementation with these values gives it access to query the MiniMax account and, if configured, send Telegram bot messages.
The skill requires a MiniMax API key and optionally uses Telegram credentials. This is expected for quota checking and notifications, but it is still account-level credential handling.
| `MINIMAX_API_KEY` | MiniMax API Key | 是 |\n| `TELEGRAM_BOT_TOKEN` | Telegram Bot Token | 否 |\n| `TELEGRAM_CHAT_ID` | Telegram Chat ID | 否 |
Use limited-scope tokens where possible, avoid sharing credentials in chat logs, and rotate tokens if you later run untrusted code.
The monitor could continue using the API key and sending notifications until the user disables the service.
The skill documents a persistent user-level service for automatic hourly checks. This persistence is disclosed and purpose-aligned, but it continues operating after setup.
支持定时自动检查(每小时) ... systemctl --user enable minimax-token\nsystemctl --user start minimax-token
Enable the service only if you want ongoing monitoring, and know how to stop or disable it with systemctl when no longer needed.
MiniMax quota information may be visible in the configured Telegram chat and to Telegram’s service infrastructure.
The skill can send quota-status notifications through Telegram. This external notification flow is disclosed and aligned with the purpose, but it sends account usage information outside the local environment.
通过 Telegram 发送通知 ... `TELEGRAM_BOT_TOKEN` | Telegram Bot Token ... `TELEGRAM_CHAT_ID` | Telegram Chat ID
Configure Telegram notifications only for chats you control and avoid sending sensitive account details to shared channels.