Generate images & videos with: Gemini 3 Pro Image + Qwen Wan 2.6 (video) via one API key
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-aisa-llm-image-video-qwen-wan26-gemini-3-pro-image Version: 1.0.0 The skill bundle provides a Python client and documentation for interacting with the AIsa API for image and video generation. It requires an `AISA_API_KEY` environment variable, which is used to authenticate requests to `https://api.aisa.one`. The `media_gen_client.py` script makes standard HTTP requests and saves generated media files locally. There is no evidence of data exfiltration beyond the API key to the stated API endpoint, no malicious execution, no persistence mechanisms, and no prompt injection attempts in `SKILL.md` to subvert the agent's behavior or access unrelated sensitive data. All observed behaviors are aligned with the stated purpose of generating media.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests run under the user's AIsa account and may consume quota or paid credits.
The client reads an AIsa API key and sends it as a bearer token to authenticate API calls.
api_key = explicit or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a dedicated or limited API key if available, monitor usage, and prefer the environment variable over passing the key on the command line.
Prompts, reference image URLs, and generated-task metadata may leave the local environment and be processed by the provider.
The skill sends user prompts and reference image URLs to AIsa cloud endpoints as part of the generation workflow.
GEMINI_BASE_URL = "https://api.aisa.one/v1" ... VIDEO_BASE_URL = "https://api.aisa.one/apis/v1" ... "prompt": prompt, "img_url": img_url
Avoid sending private, confidential, or rights-sensitive prompts/images unless AIsa's terms and data-handling practices are acceptable.
Users have less provenance information to rely on when deciding whether to trust the skill with an API credential.
The package provenance is not identified beyond the registry metadata, even though the skill asks for a provider API key.
Source: unknown
Verify the publisher, API provider, and code contents before installing or supplying an API key.