AIsa Twitter API

Pass

Audited by VirusTotal on May 8, 2026.

Overview

Type: OpenClaw Skill
Name: aisa-twitter-api-aisa
Version: 1.0.5

The skill bundle provides a functional Twitter/X command center for research and posting via the AIsa relay API (api.aisa.one). The Python scripts (twitter_client.py and twitter_oauth_client.py) use standard libraries to interact with the API, supporting search, user monitoring, and OAuth-gated posting with media uploads. The instructions in SKILL.md and references/post_twitter.md include appropriate guardrails, such as explicitly forbidding the collection of passwords or cookies and requiring user authorization for posting. No evidence of data exfiltration, malicious execution, or deceptive prompt injection was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used to post, the agent can publish content publicly from an authorized X/Twitter account.

Why it was flagged

The skill can create public Twitter/X posts, including media posts. This is purpose-aligned and disclosed, but public posting is a high-impact action that should stay user-directed.

Skill content

Publish text, image, and video posts after explicit OAuth approval.

Recommendation

Review the exact text, media, reply/quote target, and account authorization before allowing a post.

What this means

Anyone or any agent run with this key and completed OAuth authorization may be able to use the configured AIsa/Twitter workflow.

Why it was flagged

The skill requires an AIsa API key and uses OAuth-gated posting, which are expected for this integration but represent delegated account/API authority.

Skill content

Required secret: `AISA_API_KEY`.

Recommendation

Use a dedicated API key where possible, keep it out of logs and shared prompts, and revoke OAuth access if you no longer use the skill.

What this means

Tweet text, OAuth flow data, and any attached media files may be transmitted to AIsa’s relay service for posting.

Why it was flagged

The artifacts clearly disclose that OAuth requests, post content, and uploaded media are sent through the AIsa relay. This is central to the skill, but users should understand the data boundary.

Skill content

Posting, OAuth, and approved media uploads are relay-based and go to `api.aisa.one`.

Recommendation

Only upload intended workspace files and avoid sending confidential media or text unless you are comfortable with the AIsa relay handling it.