ClawHub

AIsa Media Gen

v1.0.0

Generate images & videos with AIsa. Gemini 3 Pro Image (image) + Qwen Wan 2.6 (video) via one API key.

1· 1.5k·2 current·2 all-time
by@aisapay
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python client all target AIsa image/video generation. Requiring AISA_API_KEY and python3 is appropriate; curl is requested because the README shows curl examples (but the runtime client is Python).
Instruction Scope
The instructions and script stay within the stated purpose (call AIsa endpoints, poll tasks, save returned media). One behavioral note: the client will download arbitrary URLs supplied as img_url and will fetch signed video URLs returned by the API — this is expected for media download but means a user-supplied or agent-supplied URL could cause the client to make network requests to arbitrary hosts (possible SSRF/internal requests) or to write files to disk.
Install Mechanism
No install spec (instruction-only) and the code is bundled as a single Python script. Nothing is downloaded or extracted at install time.
Credentials
Only AISA_API_KEY is required and declared as the primary credential, which is proportionate for an API client that authenticates to AIsa. The SKILL.md and script do not read other environment variables or unrelated credentials.
Persistence & Privilege
The skill is not set always:true and does not request system-wide configuration changes. Model invocation is allowed (default) which is normal for skills; no excessive persistence or cross-skill config writes are present.
Assessment
This skill appears coherent for generating images and videos through AIsa using a single AISA_API_KEY. Before installing: (1) only provide an API key scoped appropriately (least privilege) and avoid sharing other secrets; (2) be aware the client will fetch user-provided img_url values and will download returned video URLs to disk — do not pass internal or sensitive endpoints (risk of SSRF or data leakage if an attacker can control URLs); (3) verify you trust the api.aisa.one domain and the AIsa service terms; (4) run the skill in a sandbox or with limited filesystem/network permissions if you want extra safety. If you need more assurance, request the full (untruncated) Python script and verify there are no hidden network calls to unexpected domains.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fv7bq4xqfbcsdb28bvbnwrs80k49k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
Binspython3, curl
EnvAISA_API_KEY
Primary envAISA_API_KEY

Comments