twitter-autopilot-aisa

Advisory. Audited by VirusTotal on Apr 18, 2026.

Overview

Type: OpenClaw Skill
Name: twitter-autopilot-aisa
Version: 1.0.0

The skill bundle provides a legitimate set of Python clients for interacting with Twitter/X via the Aisa API (api.aisa.one). The code in scripts/twitter_client.py, scripts/twitter_engagement_client.py, and scripts/twitter_oauth_client.py implements standard API interaction patterns, including OAuth flows and multipart media uploads, without any evidence of data exfiltration, malicious execution, or obfuscation. The SKILL.md instructions are well-aligned with the tool's stated purpose and include explicit warnings against accessing sensitive local credentials.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so the items below describe declared capabilities and configuration risk, not observed runtime behaviour.

What this means

Once the user has granted OAuth authorization, an incorrect invocation (by the user or by the agent) could publish or engage from the user's X/Twitter account, with reputational or account-management impact.

Why it was flagged

These are public, account-mutating actions. The provided instructions disclose the capability, but do not document a confirmation gate, allowed-action scope, or rollback/containment before the agent publishes or engages.

Skill content
Support posting, replying, quoting, liking, unliking, following, and unfollowing through the shipped OAuth relay clients.
Recommendation

Require explicit user approval before every post, reply, quote, like, follow, or unfollow; show the exact final text and target account/tweet before executing.
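One way to implement such a gate, as an added example that is not code from the skill or from the ClawScan report: a wrapper that holds a per-session allowed-action scope, renders the exact action, target and final text, and only calls the relay when an approval callback returns true. The action names are the ones the SKILL.md lists; the `GatedClient` and `ActionRequest` names, the stand-in `fake_send`, and the scripted approver are this example's own assumptions.

```python
"""Confirmation gate for account-mutating X/Twitter actions.

Added example, not code from the twitter-autopilot-aisa skill. The relay
call is a stand-in; the gating logic is the point.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Optional

# The mutating actions the skill's SKILL.md lists.
MUTATING_ACTIONS = frozenset(
    {"post", "reply", "quote", "like", "unlike", "follow", "unfollow"}
)
TEXT_ACTIONS = frozenset({"post", "reply", "quote"})


class ActionDenied(Exception):
    """Raised when an action is refused before it reaches the relay."""


@dataclass
class ActionRequest:
    action: str
    target: Optional[str] = None   # tweet id or @handle the action applies to
    text: Optional[str] = None     # exact final text for post/reply/quote
    media: tuple = ()              # local file paths selected for upload

    def render(self) -> str:
        """The exact summary the user approves; nothing else is sent."""
        lines = [f"action: {self.action}"]
        if self.target:
            lines.append(f"target: {self.target}")
        if self.text is not None:
            lines.append(f"text:   {self.text!r}")
        if self.media:
            lines.append(f"media:  {', '.join(self.media)}")
        return "\n".join(lines)


@dataclass
class GatedClient:
    send: Callable[[ActionRequest], dict]   # the real relay call (stand-in below)
    approve: Callable[[str], bool]          # user prompt; True means proceed
    allowed_actions: frozenset               # per-session allowed-action scope
    audit_log: list = field(default_factory=list)

    def run(self, req: ActionRequest) -> dict:
        if req.action not in MUTATING_ACTIONS:
            raise ActionDenied(f"unknown action {req.action!r}")
        if req.action not in self.allowed_actions:
            self.audit_log.append(f"DENIED scope {req.action}")
            raise ActionDenied(f"{req.action!r} is outside the allowed-action scope")
        if req.action in TEXT_ACTIONS and not req.text:
            raise ActionDenied(f"{req.action} requires final text")
        if req.action != "post" and not req.target:
            raise ActionDenied(f"{req.action} requires a target tweet or account")
        # Approval is per action and sees the rendered payload, so the user
        # confirms the exact text and target rather than a generic "continue?".
        if not self.approve(req.render()):
            self.audit_log.append(f"DENIED user {req.action}")
            raise ActionDenied("user declined")
        self.audit_log.append(f"SENT {req.action} {req.target or ''}".strip())
        return self.send(req)


def demo() -> dict:
    """Runs the gate over constructed requests with a scripted approver."""
    sent = []

    def fake_send(req: ActionRequest) -> dict:     # stands in for the relay HTTP call
        sent.append(req)
        return {"ok": True, "action": req.action}

    def scripted_approver(summary: str) -> bool:   # a real client would prompt here
        return "AISA_API_KEY" not in summary         # refuse a draft that echoes the key

    client = GatedClient(fake_send, scripted_approver, frozenset({"post", "like"}))
    results = {}
    results["post"] = client.run(ActionRequest("post", text="Release notes are out."))
    for req in (
        ActionRequest("follow", target="@someone"),              # outside scope
        ActionRequest("post", text="debug: AISA_API_KEY=..."),   # approver refuses
    ):
        try:
            client.run(req)
        except ActionDenied as exc:
            results[f"{req.action}_denied"] = str(exc)
    results["sent"] = len(sent)
    results["log"] = list(client.audit_log)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The scope check runs before the prompt so the user is never asked to approve something the session was not allowed to do in the first place, and the audit log records denials as well as sends, which is what an incident responder would want when a post turns out to be unexpected.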

What this means

A misconfigured or malicious relay URL in the environment could receive the user's AISA_API_KEY and posting/engagement payloads.

Why it was flagged

The OAuth client will send the AISA bearer key to the configured relay base URL, and the override accepts any valid http(s) URL. This optional credential destination is not disclosed in the skill requirements or README.

Skill content
base_url = normalize_base_url(get_env("TWITTER_RELAY_BASE_URL", DEFAULT_BASE_URL)) ... "Authorization": f"Bearer {aisa_api_key}"
Recommendation

Document and declare TWITTER_RELAY_BASE_URL, restrict it to trusted AISA domains by default, and avoid sending the AISA bearer token to arbitrary relay hosts unless the user explicitly opts in.
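An allow-listed resolver for the relay base URL, as an added example that is not the skill's own normalize_base_url or get_env: it accepts the AISA host by default, refuses look-alike hosts and URLs with embedded userinfo (a classic way to make a hostile host look like api.aisa.one), requires an explicit opt-in environment variable before the AISA bearer token is attached for any other host, and refuses plaintext http except to loopback, since the token would otherwise cross the network unencrypted. The default of https://api.aisa.one, the trusted host set, and the opt-in variable name TWITTER_RELAY_ALLOW_UNTRUSTED are assumptions of this example.

```python
"""Allow-listed relay base URL resolution for an OAuth relay client.

Added example, not the skill's own normalize_base_url/get_env. The default
URL, the trusted host set and the opt-in variable name are assumptions.
"""
from __future__ import annotations

import os
from urllib.parse import urlsplit, urlunsplit

DEFAULT_BASE_URL = "https://api.aisa.one"            # assumed default
TRUSTED_RELAY_HOSTS = frozenset({"api.aisa.one"})   # assumed AISA domain list
LOOPBACK_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})
OPT_IN_VAR = "TWITTER_RELAY_ALLOW_UNTRUSTED"        # hypothetical opt-in switch


class UntrustedRelay(ValueError):
    """The configured relay may not receive the AISA bearer token."""


def normalize_base_url(raw: str) -> str:
    """Canonical scheme://host[:port][/path]; no query, fragment or userinfo."""
    parts = urlsplit(raw.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise UntrustedRelay(f"relay URL must be http(s) with a host: {raw!r}")
    if parts.username is not None or parts.password is not None:
        # https://api.aisa.one@relay.example.net parses as host relay.example.net
        raise UntrustedRelay("relay URL must not carry embedded credentials")
    return urlunsplit(
        (parts.scheme, parts.netloc.lower(), parts.path.rstrip("/"), "", "")
    )


def _opted_in(env: dict) -> bool:
    return env.get(OPT_IN_VAR, "").strip().lower() in ("1", "true", "yes")


def build_relay_request(env: dict, aisa_api_key: str) -> tuple:
    """Returns (base_url, headers); raises before the key can leave the process."""
    base_url = normalize_base_url(env.get("TWITTER_RELAY_BASE_URL", DEFAULT_BASE_URL))
    parts = urlsplit(base_url)
    host = parts.hostname
    if parts.scheme == "http" and host not in LOOPBACK_HOSTS:
        raise UntrustedRelay(
            f"plaintext http to {host!r} would expose the bearer token in transit"
        )
    if host not in TRUSTED_RELAY_HOSTS and not _opted_in(env):
        raise UntrustedRelay(
            f"{host!r} is not a trusted AISA relay; set {OPT_IN_VAR}=1 to opt in"
        )
    headers = {"Authorization": f"Bearer {aisa_api_key}", "Accept": "application/json"}
    return base_url, headers


def demo() -> dict:
    """Resolves constructed environments; returns one line per case."""
    key = "aisa-test-key"  # constructed, not a real credential
    cases = {
        "default": {},
        "trusted_explicit": {"TWITTER_RELAY_BASE_URL": "https://API.aisa.one/v1/"},
        "lookalike": {"TWITTER_RELAY_BASE_URL": "https://api.aisa.one.example.net"},
        "userinfo": {"TWITTER_RELAY_BASE_URL": "https://api.aisa.one@relay.example.net"},
        "opt_in_https": {"TWITTER_RELAY_BASE_URL": "https://relay.example.net",
                         OPT_IN_VAR: "1"},
        "opt_in_http": {"TWITTER_RELAY_BASE_URL": "http://relay.example.net",
                        OPT_IN_VAR: "1"},
        "local_http": {"TWITTER_RELAY_BASE_URL": "http://127.0.0.1:8080",
                       OPT_IN_VAR: "1"},
    }
    out = {}
    for name, env in cases.items():
        try:
            base_url, _headers = build_relay_request(env, key)
            out[name] = f"OK {base_url}"
        except UntrustedRelay as exc:
            out[name] = f"REFUSED {exc}"
    return out


if __name__ == "__main__":
    for name, line in demo().items():
        print(f"{name:17} {line}")
    # Real use: build_relay_request(dict(os.environ), os.environ["AISA_API_KEY"])
```

Matching on the parsed hostname rather than a string prefix is what makes the look-alike and userinfo cases fail closed; a prefix check on "https://api.aisa.one" would pass both.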

What this means

Users may assume account actions stay local when they are actually routed through a remote provider relay.

Why it was flagged

The wording says the OAuth relay is local, while the shipped OAuth client defaults to a remote AISA endpoint. This can mislead users about where OAuth-authorized actions and related data are processed.

Skill content
Engagement via Relay: Like/unlike tweets and follow/unfollow users through the local OAuth relay service.
Recommendation

Update the documentation to accurately describe the remote AISA relay, what data is sent, and which service holds or brokers OAuth authorization.

What this means

Private images, videos, or draft content could be uploaded if the user or agent selects them for posting.

Why it was flagged

Posting with media necessarily sends user-selected text and files through the AISA/Twitter relay. This is expected for the stated purpose, but users should treat selected files and draft posts as external data sharing.

Skill content
Publish text, images, and videos, create threads, and quote/reply to tweets securely via user OAuth authorization.
Recommendation

Use only intended media files, review drafts before posting, and avoid authorizing the skill in workspaces where the agent can access unrelated private files.