Minimax Usage
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may read credentials from a different, broader .env file than the user expects, such as a shared OpenClaw or project-level config file.
The script loads account credentials from a .env file two directories above the script, while the user-facing setup text says the .env should be in the same directory and the registry metadata declares no required env vars or primary credential.
source "$(dirname "$0")/../../.env"
API_KEY="${MINIMAX_CODING_API_KEY}"
GROUP_ID="${MINIMAX_GROUP_ID}"Before use, verify the exact .env path. Prefer changing the script to read a clearly scoped same-directory config file and declare MINIMAX_CODING_API_KEY and MINIMAX_GROUP_ID in metadata.
If that parent .env file contains shell commands or has been modified unexpectedly, running the usage check could execute those commands locally.
Using shell source executes the contents of the referenced .env file rather than only parsing key/value pairs, and the referenced file is outside the documented same-directory location.
source "$(dirname "$0")/../../.env"
Use a safer parser for only the two needed variables, or source only a trusted, skill-local .env file after user review.