AIsa Twitter API
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used to post, the agent can publish content publicly from an authorized X/Twitter account.
The skill can create public Twitter/X posts, including media posts. This is purpose-aligned and disclosed, but public posting is a high-impact action that should stay user-directed.
Publish text, image, and video posts after explicit OAuth approval.
Review the exact text, media, reply/quote target, and account authorization before allowing a post.
Anyone or any agent run with this key and completed OAuth authorization may be able to use the configured AIsa/Twitter workflow.
The skill requires an AIsa API key and uses OAuth-gated posting, which are expected for this integration but represent delegated account/API authority.
Required secret: `AISA_API_KEY`.
Use a dedicated API key where possible, keep it out of logs and shared prompts, and revoke OAuth access if you no longer use the skill.
Tweet text, OAuth flow data, and any attached media files may be transmitted to AIsa’s relay service for posting.
The artifacts clearly disclose that OAuth requests, post content, and uploaded media are sent through the AIsa relay. This is central to the skill, but users should understand the data boundary.
Posting, OAuth, and approved media uploads are relay-based and go to `api.aisa.one`.
Only upload intended workspace files and avoid sending confidential media or text unless you are comfortable with the AIsa relay handling it.