Plugin v0.1.4

ClawScan security

Twitter Command Center · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 31, 2026, 3:12 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly does what it claims (uses AIsa to read/post X/Twitter) but manifest metadata, registry declarations, and provenance are inconsistent — particularly around the required AISA_API_KEY and binaries — so proceed with caution.
Guidance
This skill appears to implement a legitimate AIsa-backed Twitter/X client, but there are important inconsistencies and provenance questions you should weigh before installing:

- The SKILL.md and bundled python client require AISA_API_KEY and expect python3/curl, but the registry metadata omitted these. Expect runtime failures or hidden prompts if you install without the key or required binaries.
- The skill sends your AISA_API_KEY to https://api.aisa.one (including as a field in POST JSON for OAuth relay). Only install if you trust the aisa.one service and the publisher (source/homepage are not authoritative in the bundle). Sending an API key in request bodies can be logged server-side — treat the key like any sensitive credential.
- Provenance is unclear (source listed as unknown, homepage none). Prefer bundles from verified publishers or check the upstream repository/website for an official release and privacy/security docs.

Recommended steps before use: verify the publisher (aisa.one), inspect the full python script locally, test in an isolated environment, create a least-privilege AISA key if supported (rate-limited / scoped), and avoid sharing other unrelated credentials. If you need higher assurance, request a signed release or a verified plugin listing from the publisher.

Review Dimensions

Purpose & Capability
note
The code and SKILL.md implement a Twitter/X client that calls https://api.aisa.one and performs read queries and OAuth relay posting — that aligns with the skill name and description. However, the registry metadata (requirements section) lists no required env vars or binaries while SKILL.md metadata and the python client clearly require AISA_API_KEY and expect python3/curl. That mismatch is an incoherence in the declared purpose vs. stated prerequisites.
Instruction Scope
note
Runtime instructions are focused on Twitter reads and OAuth posting and do not ask for unrelated system data. They instruct setting AISA_API_KEY, calling AIsa endpoints, and opening a browser for OAuth. The instructions do direct the agent to transmit the AISA_API_KEY in POST bodies for the relay endpoints (per AIsa design), which is required for operation but increases the sensitivity of that secret.
Install Mechanism
ok
There is no install spec (instruction-only install), and the included python script is local to the bundle. No external downloads or archive extraction are performed during install, so installation risk is low. The presence of an executable script is expected for a client SDK.
Credentials
concern
The skill requires a single external secret (AISA_API_KEY) for its main functionality — that is proportionate. The concern is that the package/registry metadata omitted this requirement while SKILL.md and the python client both require it; required binaries (python3, curl) are declared in SKILL.md metadata but not in registry fields. This inconsistency can lead to surprises at runtime. Also note that the OAuth relay requires sending the AISA_API_KEY in JSON bodies to api.aisa.one, so you must trust that remote service with the key (it may be logged or stored server-side).
Persistence & Privilege
ok
The skill does not request always:true and does not modify other skills or system settings. It runs as a normal, user-invocable skill and can be invoked autonomously (platform default) — not itself a red flag in this context.