Minimax Monitor
Review
Audited by ClawScan on May 10, 2026.
Overview
The monitor largely matches its stated purpose, but it silently uses the local MiniMax credentials in ~/.mmx/config.json through a local web server that answers any browser origin, so other pages could call it while it is running.
Use this only if you are comfortable with it reading your local MiniMax key and running a local server. Run it only when needed, do not expose port 9876 beyond localhost, use a dedicated MiniMax key where possible, and configure Feishu secrets only for a chat that you intend to receive quota data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the user's MiniMax account key without the user pasting it into the dashboard each time; probes made with that key can reveal quota information or consume API quota.
The server automatically reads a MiniMax API key from the user's local mmx config, even though the registry metadata declares no primary credential or required config path.
const MMX_CONFIG = path.join(process.env.HOME, '.mmx', 'config.json'); ... const config = JSON.parse(fs.readFileSync(MMX_CONFIG, 'utf8')); return config.api_key || '';
Declare the MiniMax API key, Feishu credentials, and ~/.mmx/config.json access in metadata; require an explicit opt-in before reading local credentials; show which key source is active; and prefer a dedicated limited-scope key.
While the server is running, any other webpage or local client can call the monitor API, read quota data, or trigger MiniMax probe requests that are sent with the user's configured key.
The local proxy allows any browser origin to call it (Access-Control-Allow-Origin: *) and then contacts MiniMax with bearer authorization using either a key from a request header or the local mmx key.
res.setHeader('Access-Control-Allow-Origin', '*'); ... res.setHeader('Access-Control-Allow-Headers', 'Content-Type, X-MMX-API-Key'); ... const apiKey = getReqKey(req); ... 'Authorization': 'Bearer ' + key
Bind the service to localhost only, restrict CORS to the intended dashboard origin, add a per-session token or CSRF protection, and do not fall back to stored credentials for unauthenticated cross-origin requests. Binding to localhost alone does not stop a malicious page, because its requests come from the user's own browser on the same machine; the origin restriction and the token are what actually block it.
This is expected for a CLI-backed monitor, but the shell-string pattern becomes command injection as soon as any argument is user-controlled, whether through an endpoint today or a future change.
The skill uses shell execution to call the mmx CLI, which is related to quota monitoring, but the shell-string pattern is sensitive if arguments ever become user-controlled.
const { execSync, exec } = require('child_process'); ... const out = execSync(`mmx ${args}`, { timeout: 15000, encoding: 'utf8', env });
Use execFile or spawn with fixed argument arrays, validate any arguments, and avoid passing the full environment unless needed.
