Amernet AI SaaS
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s messaging-chatbot purpose is coherent, but it asks for an all-permission SaaS API key and automatically sends all connected-channel messages and sender identifiers to an external service.
Review this before installing. It is a coherent chatbot connector, not clear malware, but you should be comfortable giving the service a broad API key and forwarding messages plus sender identifiers from every connected channel to the SaaS provider. Prefer a limited API key, verify the install source, notify channel users as appropriate, and confirm the provider’s data retention policy.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad API key could allow more access to the SaaS account than this connector appears to need if the key is exposed or misused.
The skill asks users to provide a broad all-permission API key for the SaaS account, while the documented behavior only needs chatbot chat, conversation reset, and status access.
`AI_SAAS_API_KEY` | Your API key from the portal (Settings → API Keys). Needs `all` permission.
Use a least-privilege API key limited to chat/status/conversation operations if available, rotate the key regularly, and avoid installing if the service requires unnecessary all-account permissions.
Messages, phone numbers, usernames, or platform IDs from connected channels may be processed by the external SaaS provider.
The skill clearly discloses that every connected-channel message and the channel/user identifier are sent to the external AI SaaS chatbot API.
When the user sends ANY message through any connected channel... Send a POST request... { "sender_id": "<constructed sender_id>", "message": "<user message text>" }Only enable this for channels where users expect messages to be handled by the SaaS chatbot, and provide appropriate privacy notice or consent.
Conversation history may persist across interactions and affect later chatbot replies until reset.
The skill relies on persistent per-user conversation context, which is expected for a chatbot but means prior messages may influence future responses.
Each user gets a persistent conversation session keyed by `<channel>:<user_id>`, so context is maintained across messages.
Confirm the SaaS retention policy, use the documented reset command when needed, and avoid sending sensitive information unless persistence is acceptable.
If a user follows the README literally or substitutes an untrusted repository, they could install different content than what was reviewed here.
The manual installation example points to an unpinned placeholder repository rather than a verified source. The reviewed registry package itself has no code or install script.
git clone https://github.com/your-org/openclaw-skill-ai-saas \ ~/.openclaw/workspace/skills/ai-saas
Install only from a verified official repository or the reviewed registry package, and pin or inspect any manually cloned source.