MiniMax Token Plan Balance Query

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised MiniMax balance check, with the main user consideration being that it handles a MiniMax API key.

This looks safe for its advertised purpose. Before installing, understand that you may paste or save a MiniMax API key; use a limited/revocable Token Plan key, verify the MiniMax domain, and remove or revoke the key if you stop using the skill.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse

Low

What this means

If the key is exposed or saved longer than intended, someone else could potentially use the MiniMax account privileges associated with that key.

Why it was flagged

The skill asks the user to provide a MiniMax API key and optionally stores it in local OpenClaw configuration. This matches the quota-query purpose, but API keys are credentials and the registry metadata does not declare a primary credential.

Skill content

After copying the Key, paste it directly to me... Save locally: the Key is saved to a local environment variable ... openclaw config set env.MINIMAX_API_KEY <你的Key>

Recommendation

Use a dedicated Token Plan key if possible, avoid pasting broader account keys, and revoke or remove the saved key when it is no longer needed.

ASI02: Tool Misuse and Exploitation

Info

What this means

Running the skill sends the configured MiniMax API key to MiniMax to retrieve quota information.

Why it was flagged

The script uses curl to make an authenticated outbound request to MiniMax. This is expected for the stated balance-query function, and no unrelated endpoints or unsafe commands are shown.

Skill content

URL="https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains" ... -H "Authorization: Bearer $AUTH_VALUE"

Recommendation

Only run the query when you intend to check MiniMax quota, and verify that the MiniMax endpoint is the service you expect to contact.