Security audit
Stock Dividend
Security checks across malware telemetry and agentic risk
Overview
The package appears to do what it says (dividend research via the AIsa API) and requests an AISA_API_KEY which is proportionate, but there are small inconsistencies you should verify before installing.
This package is internally consistent with its stated purpose: it runs a Python script that uses an AIsa API key to fetch dividend data and generate analysis. Before installing or running it: 1) Verify the AISA_API_KEY is the only secret you provide and that you trust the AIsa service (default base URL is https://api.aisa.one). 2) Note the script optionally reads AISA_BASE_URL and AISA_MODEL — ensure those are set only if you intend to change endpoints/models, and inspect any custom base URL to avoid sending your key to an unexpected host. 3) Ensure python3 and the 'openai' Python package (or equivalent SDK expected by the script) are installed in a controlled environment. 4) Run the script in a sandbox or with limited network access if you want to observe its behavior first. If you need higher assurance, request the publisher to document AISA_BASE_URL/AISA_MODEL in SKILL.md and provide a requirements.txt or explicit install instructions for Python dependencies.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
