Back to plugin

Security audit

Us Stock Analyst

Security checks across malware telemetry and agentic risk

Overview

The skill's files, runtime instructions, and required AISA_API_KEY align with its stated purpose (calling the AIsa market-data APIs via bundled Python scripts); nothing requests unrelated credentials or hidden endpoints.

This package appears to do what it says: run the included Python scripts which call AIsa APIs using AISA_API_KEY. Before installing or running: (1) only provide a trusted AISA_API_KEY and confirm you trust api.aisa.one as the data recipient, (2) run the Python code inside a dedicated virtual environment (venv) to isolate dependencies, (3) review requirements.txt and install only the minimal dependencies (httpx), (4) verify any network egress policy you need (the scripts make outbound HTTPS calls to api.aisa.one), and (5) if you need higher assurance, inspect the full stock_analyst.py for any additional I/O or logging you want to control. There are no signs of hidden endpoints or requests for unrelated credentials.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.