Skill v1.0.0
ClawScan security
AIsa Provider · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 21, 2026, 6:43 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared requirements (only AISA_API_KEY) match its stated purpose, but the runtime instructions reference shipped scripts and flows that are not present in the bundle and make strong external claims (partnerships, ZDR) that should be verified before use.
- Guidance
- This skill is generally coherent: it only needs AISA_API_KEY and documents how to configure AIsa models. Before installing, verify two things: (1) the package references repo-relative scripts/ and CLI workflows but the published bundle contains no scripts; confirm whether the provider supplies those scripts elsewhere or whether the documentation is stale, because the agent may instruct commands that don't exist; (2) the marketing claims (partnerships, zero-data-retention agreements, pricing discounts) are external assertions; confirm them with the vendor (e.g., check https://marketplace.aisa.one and any contractual documentation) before sending sensitive or high-volume data. As always, only provide AISA_API_KEY to providers you trust, and avoid pasting long secrets into chat transcripts. If you need higher assurance, ask the publisher for a signed package or source repository showing the referenced scripts and implementation.
- Findings
[no_regex_findings] expected: The static regex scanner returned nothing to analyze; this is expected because the skill is instruction-only with no code files. The absence of findings is not proof of safety.
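The first point in the guidance (instructions that reference scripts/ paths the bundle does not ship) and the credential check can be automated before install. The script below is an added example, not ClawHub's scanner code: it extracts repo-relative scripts/ references and SCREAMING_SNAKE environment-variable names from SKILL.md, compares them against the bundle's file list and declared credentials, and reports the same ok/concern outcome the verdict gives. The SKILL.md text, the bundle file list, and the regex heuristics are constructed assumptions that mirror the verdict, not the real package contents.

```python
"""Pre-install check for an instruction-only skill bundle: does SKILL.md
reference repo-relative scripts/ paths that the published bundle does not
ship, and does it use credentials beyond the ones it declares?

Added example, not ClawHub's scanner code. The sample SKILL.md and file
list below are constructed to mirror the verdict above."""
import re
from typing import Dict, List, Set

# Constructed stand-in for the skill's SKILL.md (not the real file).
SAMPLE_SKILL_MD = """\
# AIsa Provider

Export `AISA_API_KEY` before use.

List available models with `python scripts/list_models.py`.
Prefer explicit CLI auth flags when a script exposes them, e.g.
./scripts/aisa-cli --api-key "$AISA_API_KEY".
Requests go to https://api.aisa.one/v1/chat/completions.
"""

# Constructed bundle manifest: instruction-only, no scripts/ directory.
SAMPLE_BUNDLE_FILES = ["SKILL.md", "README.md"]

# Credentials the skill's metadata declares (per the verdict: only one).
DECLARED_ENV = ["AISA_API_KEY"]

# Repo-relative scripts/ path, optionally prefixed with ./ ; the lookbehind
# stops the regex matching the tail of a URL or of another path.
SCRIPT_REF = re.compile(r"(?<![\w/])(?:\./)?(scripts/[\w./-]+)")
# SCREAMING_SNAKE identifiers are treated as environment-variable references
# (heuristic assumption; real SKILL.md files may need a tighter pattern).
ENV_REF = re.compile(r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+)\b")


def referenced_scripts(skill_md: str) -> Set[str]:
    """All repo-relative scripts/ paths the instructions tell the agent to run."""
    return {m.group(1).rstrip(".,;:)") for m in SCRIPT_REF.finditer(skill_md)}


def missing_scripts(skill_md: str, bundle_files: List[str]) -> List[str]:
    """Referenced scripts that are absent from the published bundle."""
    shipped = set(bundle_files)
    return sorted(p for p in referenced_scripts(skill_md) if p not in shipped)


def undeclared_env_vars(skill_md: str, declared: List[str]) -> List[str]:
    """Environment variables the instructions use but the metadata does not declare."""
    used = {m.group(1) for m in ENV_REF.finditer(skill_md)}
    return sorted(used - set(declared))


def review(skill_md: str, bundle_files: List[str], declared: List[str]) -> Dict[str, str]:
    """Mirror two of the verdict's review dimensions: 'ok' or 'concern'."""
    return {
        "instruction_scope": "concern" if missing_scripts(skill_md, bundle_files) else "ok",
        "credentials": "concern" if undeclared_env_vars(skill_md, declared) else "ok",
    }


if __name__ == "__main__":
    print("missing scripts:", missing_scripts(SAMPLE_SKILL_MD, SAMPLE_BUNDLE_FILES))
    print("undeclared env:", undeclared_env_vars(SAMPLE_SKILL_MD, DECLARED_ENV))
    print(review(SAMPLE_SKILL_MD, SAMPLE_BUNDLE_FILES, DECLARED_ENV))
```

Run against a real bundle, replace SAMPLE_BUNDLE_FILES with a walk of the unpacked package and DECLARED_ENV with the manifest's declared variables; a non-empty missing_scripts list is exactly the instruction/manifest mismatch the verdict flags, and an empty one is not proof the scripts are safe, only that they exist.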
Review Dimensions
- Purpose & Capability
- ok: Name/description (AIsa provider, model routing, Chinese LLM access) aligns with the single required environment variable AISA_API_KEY and the provided examples that call AIsa endpoints (https://api.aisa.one). The declared primary credential is proportional to the stated function.
- Instruction Scope
- concern: SKILL.md instructs the agent and user to use repo-relative scripts/ paths and to prefer explicit CLI auth flags when a script exposes them, but the package manifest contains no scripts/ directory or executable files. This mismatch could lead the agent to provide or instruct about commands that don't exist. Otherwise, instructions stay within provider setup/model-routing scope and only reference AISA_API_KEY and the AIsa API.
- Install Mechanism
- ok: No install spec or code files; this is instruction-only, so nothing is written to disk by an installer. Lowest install risk.
- Credentials
- ok: Only AISA_API_KEY is required and used in examples. No unrelated secrets or config paths are requested. The amount of credential access matches the skill's purpose.
- Persistence & Privilege
- ok: `always` is false; the skill is user-invocable and can be autonomously invoked (platform default). The package does not request system-wide changes or other skills' config.
