AIsa Twitter API Command Center
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the skill can publish through the connected Twitter/X account via AIsa.
The skill uses an AIsa API key and OAuth authorization to act through a Twitter/X account.
Required secret: `AISA_API_KEY` ... After the user completes authorization, publish using the authorized account.
Only use this with an AIsa key and Twitter/X account you trust the relay to access, and revoke OAuth access if you no longer need it.
A mistaken or premature invocation could publish unwanted public content.
The documented CLI can create public Twitter/X posts; this is purpose-aligned but high-impact if invoked with the wrong content.
python3 scripts/twitter_oauth_client.py post --text "Hello from Twitter OAuth" ... Try `post` first when the user intent is to publish content.
Confirm the final post text, media, reply/quote target, and account before allowing the post command to run.
Any attached media or post content you approve may be transmitted to AIsa before reaching Twitter/X.
Local attachments and post content are sent to AIsa's relay endpoint for upload and publishing.
The Python client reads the local file and sends it to the relay backend as `multipart/form-data` ... Posting, OAuth, and approved media uploads are relay-based and go to `api.aisa.one`.
Attach only files you intend to upload publicly or send to AIsa, and avoid passing arbitrary local paths.