Back to plugin

Security audit

Stock Dividend

Security checks across malware telemetry and agentic risk

Overview

The package appears to do what it says (dividend research via the AIsa API) and requests an AISA_API_KEY which is proportionate, but there are small inconsistencies you should verify before installing.

This package is internally consistent with its stated purpose: it runs a Python script that uses an AIsa API key to fetch dividend data and generate analysis. Before installing or running it: 1) Verify the AISA_API_KEY is the only secret you provide and that you trust the AIsa service (default base URL is https://api.aisa.one). 2) Note the script optionally reads AISA_BASE_URL and AISA_MODEL — ensure those are set only if you intend to change endpoints/models, and inspect any custom base URL to avoid sending your key to an unexpected host. 3) Ensure python3 and the 'openai' Python package (or equivalent SDK expected by the script) are installed in a controlled environment. 4) Run the script in a sandbox or with limited network access if you want to observe its behavior first. If you need higher assurance, request the publisher to document AISA_BASE_URL/AISA_MODEL in SKILL.md and provide a requirements.txt or explicit install instructions for Python dependencies.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.