Stats
Actions
Tags
From claude-commands
Diagnose and fix MiniMax 401 auth errors in AO workers caused by redacted MINIMAX_API_KEY. Use for workers stuck at /login with 401 errors.
How this skill is triggered — by the user, by Claude, or both
Slash command
/claude-commands:minimax-401-diagnosticWhen to use
Use when: (1) an AO worker tmux pane shows 'Please run /login · API Error: 401' or 'login fail: carry the API secret key', (2) worker is stuck waiting for input despite having 'minimax' model config, (3) /ms surfaces another 401 incident. Do NOT use for general auth issues — this skill is specifically for the MiniMax proxy 401 + /login prompt stall pattern.
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
1. AO worker starts → hits MiniMax proxy → proxy returns `401 Unauthorized`
401 Unauthorized/login prompt in tmux pane/logintmux capture-pane shows: Please run /login · API Error: 401 or login fail: carry the API secret key in the 'Authorization' fieldagent: minimax or model: MiniMax-M2.7 — but the model name is NOT the cause# Check for unsubstituted @VAR@ tokens in the installed plist
# If any exist, bash expands them to empty → 401 on every API call
python3 - "$HOME/Library/LaunchAgents/ai.agento.lifecycle-all.plist" <<'EOF'
import plistlib, re, sys
content = open(sys.argv[1]).read()
vars = re.findall(r'@[A-Z_][A-Z0-9_]*@', content)
if vars:
print(f'BAD: Unsubstituted tokens: {sorted(set(vars))}')
else:
print('OK: No unsubstituted @VAR@ tokens')
EOF
# If BAD: re-run setup to regenerate plist with real env vars:
bash scripts/setup-launchd.sh lifecycle
# Then verify:
bash scripts/test-launchd-env.sh
If @VAR@ tokens exist in the plist, the fix is to re-run setup-launchd.sh — no deeper diagnosis needed. This is the root cause ~90% of the time.
# Check the plist's MINIMAX_API_KEY — the sentinel means broken
grep -A2 "MINIMAX_API_KEY" ~/Library/LaunchAgents/ai.agento.lifecycle-all.plist
# Should show: <string>__OPENCLAW_REDACTED__</string> ← BAD (redacted placeholder)
# Should show: <string>eyJ...</string> or a real key ← GOOD
# Check if the keychain has a real value
security find-generic-password -s MINIMAX_API_KEY -w
# If keychain has real value, update the plist:
# bash scripts/setup-launchd.sh lifecycle
# Find the tmux session for the stuck worker
tmux list-sessions | grep <worker-name>
# Capture the stuck state
tmux capture-pane -pt <session>:0.0 -S -100
Look for: Please run /login, API Error: 401, login fail, MINIMAX_API_KEY
python3 - "$HOME/Library/LaunchAgents/ai.agento.lifecycle-all.plist" <<'EOF'
import plistlib, sys
data = plistlib.load(open(sys.argv[1], 'rb'))
key = data.get('EnvironmentVariables', {}).get('MINIMAX_API_KEY', '')
print(f'MINIMAX_API_KEY = {repr(key)}')
print('BAD: redacted' if key == '__OPENCLAW_REDACTED__' else 'OK: real key present' if key else 'EMPTY')
EOF
security find-generic-password -s MINIMAX_API_KEY -w
If keychain has a real key but plist has __OPENCLAW_REDACTED__, the plist was set from a legacy config export that used the sentinel.
# Update the launchd plist with the real key
bash scripts/setup-launchd.sh lifecycle
Or manually:
REAL_KEY=$(security find-generic-password -s MINIMAX_API_KEY -w)
# Then update plist with the real key (not __OPENCLAW_REDACTED__)
launchctl bootout gui/$(id -u)/ai.agento.lifecycle-all
launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/ai.agento.lifecycle-all.plist
launchctl kickstart -k gui/$(id -u)/ai.agento.lifecycle-all
sleep 5
pgrep -f "lifecycle-worker" | wc -l # Should show 12+ workers
tmux list-sessions | grep ao- # Should show active sessions, not stuck on /login
You might see model: MiniMax-M2.7 in the config and think "just switch to Claude Opus." This is wrong because:
MINIMAX_API_KEY and gets 401ao spawn --agent codex to "fix" the 401 — masks the symptom, wrong model for the taskexport MINIMAX_API_KEY=... in a running shell — doesn't fix the launchd service's envmodel in agent-orchestrator.yaml — the model is not the problem| Date | Worker | Manifestation | Root Cause |
|---|---|---|---|
| 2026-04-15 | PRs #454, #453, #452, #450, #444 | 5 PRs stuck with 401 | __OPENCLAW_REDACTED__ in plist |
| 2026-05-01 | ao-4449 (PR #511) | /login + 401, stuck at "Brewed for 3m 13s" | __OPENCLAW_REDACTED__ in plist |
~/Library/LaunchAgents/ai.agento.lifecycle-all.plist — MINIMAX_API_KEY valuescripts/setup-launchd.sh — how MINIMAX_API_KEY is substituted into the plist~/.hermes_prod/config.yaml — MiniMax credential sourceThis is a root-cause-regression skill — the same failure mode has occurred 6+ times. The fix is trivial (regenerate plist with real key) but the diagnosis keeps getting confused by the model name in the config.
npx claudepluginhub jleechanorg/claude-commands --plugin claude-commandsDiagnoses AgentCore agent failures including wrong answers, errors, timeouts, tool issues, and CLI problems by reading traces, logs, and checking prerequisites.
Debug container agent issues including failures, authentication problems, and sandbox runtime behavior. Covers logs, environment variables, mounts, and common fixes.
Enforces strict parameter verification when spawning, steering, or auditing Agent Orchestrator workers. Use when the user specifies exact AO parameters like agent, runtime, project, or PR targets.