Security audit
Us Stock Analyst
Security checks across malware telemetry and agentic risk
Overview
The skill's files, runtime instructions, and required AISA_API_KEY align with its stated purpose (calling the AIsa market-data APIs via bundled Python scripts); nothing requests unrelated credentials or hidden endpoints.
This package appears to do what it says: run the included Python scripts which call AIsa APIs using AISA_API_KEY. Before installing or running: (1) only provide a trusted AISA_API_KEY and confirm you trust api.aisa.one as the data recipient, (2) run the Python code inside a dedicated virtual environment (venv) to isolate dependencies, (3) review requirements.txt and install only the minimal dependencies (httpx), (4) verify any network egress policy you need (the scripts make outbound HTTPS calls to api.aisa.one), and (5) if you need higher assurance, inspect the full stock_analyst.py for any additional I/O or logging you want to control. There are no signs of hidden endpoints or requests for unrelated credentials.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
