Plugin v1.0.3
ClawScan security
AIsa Twitter Engagement Suite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 28, 2026, 8:05 PM)
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The package's code, instructions, and required secret (AISA_API_KEY) are consistent with a Twitter/X relay-based engagement and posting client that uses api.aisa.one; it does not request unrelated credentials or perform unexplained local access.
- Guidance
- This package appears to do what it says: it will call https://api.aisa.one using the AISA_API_KEY you provide and — if you attach files — read workspace file paths to upload media. Before installing, verify you trust AIsa/api.aisa.one (review their privacy/security policies) and keep these points in mind: (1) do not store sensitive local files in the workspace if you don't want them uploaded; (2) AISA_API_KEY grants the relay the ability to perform actions on your behalf via the relay — treat it like any API secret; (3) OAuth posting will produce an authorization link (or optionally open a browser) — only complete OAuth flows you trust; and (4) if you require fully local operations or avoidance of any relay, this skill is not suitable. Overall the package is internally consistent and proportional to its stated purpose.
Review Dimensions
- Purpose & Capability
- ok: The skill's name and description (Twitter/X research, posting, likes, follows) match the shipped assets: Python clients for read, engagement, and OAuth posting that communicate with https://api.aisa.one. Required runtime (python3) and the single declared secret (AISA_API_KEY) are appropriate for a relay-based API client.
- Instruction Scope
- ok: SKILL.md and the reference docs provide scoped runtime instructions: search, engagement, OAuth authorization, and media upload flows. The code only references the AISA_API_KEY env var and workspace file paths for attachments; it does not instruct reading arbitrary home-directory files, shell history, or unrelated environment variables. Guardrails (no passwords, explicit OAuth approval, ask for disambiguation) are present.
- Install Mechanism
- ok: There is no install spec; the package is delivered as source and runtime scripts. That is low-risk and consistent with the provided Python CLI clients. No external downloads or archive extraction are used.
- Credentials
- ok: Only AISA_API_KEY is required and declared as the primary credential; that aligns with the relayed API usage seen in the Python clients. No other secrets, cloud credentials, or unrelated env vars are requested.
- Persistence & Privilege
- ok: The skill is user-invocable (not always: true) and does not request permanent elevated platform privileges. It does not modify other skills or system-wide configs. Autonomous invocation is allowed by default but not combined with other privilege concerns here.
