MiniMax Token Plan Tool
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned MiniMax API client, but it uses your MiniMax API key and may send selected images or prompts to MiniMax.
This skill looks coherent for MiniMax Token Plan search, image understanding, and quota checks. Before installing, use a dedicated MiniMax key if available, keep the key private, confirm MINIMAX_API_HOST is an official MiniMax endpoint, and avoid submitting sensitive images or confidential prompts.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your MiniMax Token Plan account and consume quota when its tools are invoked.
The script reads the MiniMax API key from the environment and uses it as a bearer token for MiniMax API requests.
const API_KEY = process.env.MINIMAX_API_KEY; ... 'Authorization': `Bearer ${API_KEY}`Use a dedicated MiniMax Token Plan key if possible, keep it in a secure environment file, and verify the configured host is one of the official MiniMax hosts.
Private or sensitive images, and potentially sensitive prompts or search queries, may leave your machine and be processed by MiniMax.
The skill explicitly discloses that selected local images are encoded and sent to MiniMax for image understanding.
If a local image is provided, its content is transmitted to the remote MiniMax API for processing, which introduces a potential risk of local image data leakage.
Only submit images and prompts you are comfortable sending to MiniMax, and avoid regulated, confidential, or personal files unless you accept that data-sharing risk.