Chinese LLM Models (Kimi 2.5, MiniMax 2.5, Qwen, DeepSeek) with One Key
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-aisa-chinese-llm-models Version: 1.0.1 The skill bundle provides documentation and configuration examples for integrating the AIsa API provider with OpenClaw. All files, including SKILL.md, guide-zh-CN.md, pricing.md, and config-examples.md, contain instructions for setting environment variables, modifying OpenClaw configuration files, and using OpenClaw CLI commands to manage AI models. The `curl` commands present in SKILL.md and guide-zh-CN.md are used to query the `https://api.aisa.one/v1/models` endpoint to list available models, which is a legitimate informational action for an API integration. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection with harmful intent, or obfuscation. The content is consistently aligned with the stated purpose of configuring a third-party AI model provider.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is exposed, someone else could use the account or consume paid quota.
The skill requires an AIsa API key and shows a command-line option that can include the key directly. This is expected for the provider setup, but API keys are sensitive credentials.
requires:\n env:\n - AISA_API_KEY ... openclaw onboard --auth-choice aisa-api-key --aisa-api-key "your-key-here"
Prefer the interactive onboarding flow or a secure environment/secret manager. Avoid pasting real keys into shared terminals, logs, or shell history, and rotate the key if exposed.
Prompts, completions, and any data included in model requests may be processed by AIsa and its upstream model partners.
The configuration sends model requests through AIsa’s external API endpoint. This is the stated purpose of the skill, but it establishes a third-party data boundary for prompts and outputs.
"baseUrl": "https://api.aisa.one/v1", "apiKey": "${AISA_API_KEY}"Use only if you trust the provider and its terms. Do not send sensitive, regulated, or confidential data until you have verified retention, logging, and data-processing policies.
Future OpenClaw sessions may use AIsa by default, which can affect cost, latency, privacy, and model behavior.
The examples can make AIsa the primary or fallback model provider in persistent OpenClaw configuration. This is user-directed and purpose-aligned, but affects future agent behavior.
"primary": "aisa/qwen3-max", "fallback": ["aisa/qwen-mt-flash", "aisa/deepseek-v3.1"]
Review ~/.openclaw/openclaw.json after setup and confirm the primary and fallback models match your intended provider choices.
Users may over-rely on marketing-style privacy assurances when deciding whether to send sensitive prompts through the provider.
The artifact makes strong privacy and Zero Data Retention claims. They may be true, but the supplied artifacts do not include the underlying agreement or a full data-retention policy.
Users do not need to worry about data privacy — AIsa has executed a formal ZDR agreement with Moonshot AI.
Independently verify AIsa’s current privacy policy, ZDR scope, upstream provider handling, and whether AIsa itself logs or retains requests.
Users must rely on the marketplace listing and provider website for authenticity and claims about partnerships, pricing, and privacy.
The registry metadata does not identify a source repository or independently verifiable package origin. There is no executable code in this skill, so this is a provenance note rather than a code-supply-chain concern.
Source: unknown; Homepage: https://marketplace.aisa.one
Verify the provider and marketplace page before configuring a real API key or making it a default provider.