AIsa Provider

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate AIsa setup skill, but it gives users risky API-key handling guidance that deserves manual review.

Review before installing. If you use it, provide AISA_API_KEY through a protected environment variable or secret manager, not as a command-line argument, and keep the skill enabled only for explicit AIsa provider setup or troubleshooting tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
84% confidence
Finding
The README states very broad activation conditions such as using the skill whenever a user mentions AISA_API_KEY, Chinese LLM pricing, or model names, which can cause the skill to trigger outside its narrow intended setup context. Over-broad invocation increases the chance of unintended execution paths, inappropriate guidance, or exposing provider-specific configuration behavior when a different skill or safer default should have been used.

Missing User Warnings

Medium
96% confidence
Finding
The documentation instructs users to pass the API key directly on the command line, which can expose the secret via shell history, process listings, terminal logging, or CI job logs. In a provider-configuration skill, this is materially risky because the credential grants access to paid model endpoints and potentially sensitive organizational usage.

Missing User Warnings

Medium
97% confidence
Finding
The guide explicitly recommends passing the API key as a command-line argument, which can expose the secret through shell history, process listings, audit logs, and remote session recording. This is a real credential-handling weakness in documentation because users often copy commands verbatim into production or shared environments.

VirusTotal

64/64 vendors flagged this skill as clean.
