Skill v1.0.0
ClawScan security
AIsa Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 7:38 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and required environment variable (AISA_API_KEY) are consistent with its stated purpose of calling the AIsa search API; it does not request unrelated credentials or perform unexpected local file access.
- Guidance: This skill appears coherent: it runs the included Python client and sends requests to api.aisa.one using the AISA_API_KEY. Before installing, verify you trust the aisa.one service and that the API key you supply has only the needed scope (prefer a low-privilege key). Review the bundled scripts yourself if you want extra assurance (they are included). Understand that running the skill will send user queries and any provided URLs to the AIsa API, so avoid passing sensitive secrets or private data to it.
Review Dimensions
- Purpose & Capability: ok. Name/description (web/multi-source/last-30-days research) align with the included Python client that calls https://api.aisa.one endpoints; requiring python3 and AISA_API_KEY is proportionate to that purpose.
- Instruction Scope: ok. SKILL.md instructs running the bundled script from scripts/ and providing AISA_API_KEY; the script only reads that env var and issues HTTP requests to the AIsa API. There are no instructions to read unrelated files or credentials, or to send data to unexpected endpoints.
- Install Mechanism: ok. No install spec; the package is instruction-only with a provided Python script. Nothing is downloaded or extracted at install time (lower risk).
- Credentials: ok. Only AISA_API_KEY is required and declared as the primary credential. The script uses that single key to authenticate to the AIsa API; there are no other secret/env requirements.
- Persistence & Privilege: ok. The skill is not marked always:true and does not request system-wide configuration changes. It runs on demand and does not persist new privileges or modify other skills.
