Back to skill

Security audit

Chinese LLM Models (Kimi 2.5, MiniMax 2.5, Qwen, DeepSeek) with One Key

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AIsa provider setup guide, with no evidence of hidden execution or destructive behavior, but users should handle the API key and privacy claims carefully.

Install if you intentionally want OpenClaw to use AIsa for Chinese LLM access. Set AISA_API_KEY via an environment variable or interactive onboarding rather than pasting it into command-line arguments, review any default-model changes before applying them, and verify AIsa/provider privacy terms before sending confidential prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broad enough to trigger on generic provider setup, pricing, and model-selection questions, which can cause this provider-specific skill to activate in contexts where it is not clearly requested. That increases the chance of steering users toward a specific commercial service and exposing provider-specific instructions or API-key workflows unnecessarily.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description includes very broad trigger phrases like general setup, pricing, troubleshooting, and model switching topics, which can cause the skill to activate in ordinary conversations that only tangentially mention Chinese models or API keys. Over-broad activation increases the chance that provider-specific instructions or claims are injected into unrelated contexts, expanding exposure to misleading guidance and unnecessary secret-handling flows.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill tells users to pass the API key directly on the command line, which can expose the secret through shell history, process listings, terminal logging, CI logs, or support screenshots. This is a well-known credential handling risk because command-line arguments are often more broadly observable than environment variables or interactive prompts.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide explicitly recommends passing the API key on the command line via `--aisa-api-key`, which can expose the secret through shell history, terminal logging, process listings, and CI/job logs. This is a real credential-handling weakness in documentation because users often copy commands verbatim into environments where those disclosure channels exist.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The statement that users can 'completely not worry about data privacy' is an absolute security/privacy assurance that may cause operators to send sensitive data without appropriate review, contractual validation, or threat modeling. Even if a zero-data-retention agreement exists, absolute wording is unsafe because implementation gaps, scope limits, jurisdictional issues, and third-party handling may still create privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.