Plugin v1.0.3
ClawScan security
AIsa Twitter API Command Center · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 8:03 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package is largely coherent with a Twitter/X relay client (it needs AISA_API_KEY and sends reads/posts to api.aisa.one), but there are metadata inconsistencies and privacy implications you should verify before installing.
- Guidance: This package appears to be a normal Twitter/X relay client that requires one API key (AISA_API_KEY) and will send reads, OAuth flows, and any user-provided attachments to https://api.aisa.one. Before installing:
  1. verify the registry/marketplace metadata (the package files require AISA_API_KEY but the summary you saw omitted it — confirm the marketplace shows the same required env),
  2. confirm you trust the AIsa service operator (any text or files you post or attach will be sent to their backend),
  3. scope the AISA_API_KEY minimally (use a key with least privilege and rotate/delete it if you stop using the plugin),
  4. test posting actions in a controlled account and avoid attaching sensitive files, and
  5. review the full Python scripts locally to ensure no unexpected file reads or network targets beyond api.aisa.one.
  If you need higher assurance, ask the publisher for an explanation of the metadata mismatch and for a link to the upstream project/release page.
Review Dimensions
- Purpose & Capability (note): The skill's name, description, and embedded scripts all describe a Twitter/X relay client that contacts https://api.aisa.one using an AISA_API_KEY — that is consistent for a relay-based Twitter skill. However, the top-level registry summary in the evaluation stub reported "Required env vars: none" and "Primary credential: none", which contradicts the manifests and SKILL.md that explicitly require AISA_API_KEY. This mismatch is an incoherence in the published metadata.
- Instruction Scope (ok): Runtime instructions and code focus on read/search APIs and OAuth-gated posting via the AIsa relay. The skill explicitly documents using repo-relative scripts, reading workspace attachments only when provided, and sending them as multipart/form-data to the relay. It also states guardrails (do not ask for passwords, do not invent remote URLs). The instructions do transmit user-provided local files and post content to a third-party API, which is expected for this functionality but worth noting.
- Install Mechanism (ok): There is no install spec; this is an instruction-plus-scripts package. No downloads from external hosts or archive extraction occur in the package itself. The risk surface is limited to the included Python scripts running on the local runtime.
- Credentials (note): The code and manifests require a single credential, AISA_API_KEY, and python3, which is proportionate to a relay client. The earlier registry summary that omitted required env vars is inconsistent with the manifests (openclaw.plugin.json, SKILL.md, package.json) that do declare AISA_API_KEY as required — that discrepancy should be resolved before trusting the package metadata.
- Persistence & Privilege (ok): The skill does not request always:true or any unusual persistence. It does not appear to write or modify other skills or system-level configuration. Autonomous invocation is enabled by default (normal for skills) and is not combined with other high-risk flags here.
