AIsa Twitter API Command Center

Pass

Audited by VirusTotal on May 4, 2026.

Overview

Type: OpenClaw Skill
Name: aisa-twitter-api-command-center-slot1
Version: 1.0.4

The skill bundle provides a standard API client and OAuth wrapper for interacting with Twitter/X via the AIsa relay service (api.aisa.one). The scripts (twitter_client.py and twitter_oauth_client.py) implement expected functionality for research, monitoring, and posting, including handling media uploads and tweet threading. The instructions in SKILL.md and references/post_twitter.md include explicit security guardrails, such as directing the agent never to ask for user passwords or cookies, and the code contains no evidence of obfuscation, unauthorized data exfiltration, or malicious execution logic.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If authorized, the skill can publish through the connected Twitter/X account via AIsa.

Why it was flagged

The skill uses an AIsa API key and OAuth authorization to act through a Twitter/X account.

Skill content

Required secret: `AISA_API_KEY` ... After the user completes authorization, publish using the authorized account.

Recommendation

Only use this with an AIsa key and Twitter/X account you trust the relay to access, and revoke OAuth access if you no longer need it.

What this means

A mistaken or premature invocation could publish unwanted public content.

Why it was flagged

The documented CLI can create public Twitter/X posts; this is purpose-aligned but high-impact if invoked with the wrong content.

Skill content

python3 scripts/twitter_oauth_client.py post --text "Hello from Twitter OAuth" ... Try `post` first when the user intent is to publish content.

Recommendation

Confirm the final post text, media, reply/quote target, and account before allowing the post command to run.

What this means

Any attached media or post content you approve may be transmitted to AIsa before reaching Twitter/X.

Why it was flagged

Local attachments and post content are sent to AIsa's relay endpoint for upload and publishing.

Skill content

The Python client reads the local file and sends it to the relay backend as `multipart/form-data` ... Posting, OAuth, and approved media uploads are relay-based and go to `api.aisa.one`.

Recommendation

Attach only files you intend to upload publicly or send to AIsa, and avoid passing arbitrary local paths.