Minimax Usage
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its usage-monitoring purpose, but it under-declares credentials and sources a parent .env file rather than the documented local one.
Review or edit the script before installing. Ensure the Minimax API key is stored only in the intended .env file, verify that the request goes only to platform.minimax.io, and be aware that curl and jq are needed even though they are not declared.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may read credentials from a different, broader .env file than the user expects, such as a shared OpenClaw or project-level config file.
The script loads account credentials from a .env file two directories above the script, while the user-facing setup text says the .env should be in the same directory and the registry metadata declares no required env vars or primary credential.
source "$(dirname "$0")/../../.env"
API_KEY="${MINIMAX_CODING_API_KEY}"
GROUP_ID="${MINIMAX_GROUP_ID}"Before use, verify the exact .env path. Prefer changing the script to read a clearly scoped same-directory config file and declare MINIMAX_CODING_API_KEY and MINIMAX_GROUP_ID in metadata.
If that parent .env file contains shell commands or has been modified unexpectedly, running the usage check could execute those commands locally.
Using shell source executes the contents of the referenced .env file rather than only parsing key/value pairs, and the referenced file is outside the documented same-directory location.
source "$(dirname "$0")/../../.env"
Use a safer parser for only the two needed variables, or source only a trusted, skill-local .env file after user review.