AIsa Twitter Command Center

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Twitter/X search and OAuth-posting skill through the AIsa relay, but it uses an API key and can publish or upload selected media externally.

Install only if you trust AIsa as the relay for Twitter/X actions. Keep the AISA_API_KEY secure, authorize only the account you intend to use, review every post and attachment before publishing, and avoid any cookie- or password-based login flow.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked for publishing, the agent can create posts, replies, quotes, or media posts on the authorized account.

Why it was flagged

The skill can perform public, account-changing actions on Twitter/X, but the capability is disclosed and tied to OAuth approval and user publishing intent.

Skill content

Publish text, image, and video posts after explicit OAuth approval.

Recommendation

Use it only for clear publish requests, review the exact text/media/account before posting, and do not treat research or drafting requests as publish approval.

What this means

Anyone or any agent process with the key may be able to call the configured AIsa Twitter/X relay capabilities.

Why it was flagged

The skill requires a bearer credential for the AIsa relay, which is expected for this integration but grants access to relay-backed Twitter/X functions.

Skill content

Required secret: `AISA_API_KEY`.

Recommendation

Store the API key securely, use the least-privileged key available, and revoke or rotate it if the environment is shared or compromised.

What this means

Images or videos selected for posting leave the local workspace and are sent to api.aisa.one before being uploaded to Twitter/X.

Why it was flagged

Selected local media files are uploaded to the AIsa relay for posting; this data flow is disclosed and scoped to user-provided workspace files.

Skill content

The Python client reads the local file and sends it to the relay backend as `multipart/form-data`.

Recommendation

Only provide media files you intend to publish, and verify file paths are workspace attachments rather than unrelated local files.

What this means

A user or agent could be confused about whether non-OAuth cookie/proxy login methods are appropriate.

Why it was flagged

Most artifacts describe an OAuth-only/no-cookies workflow; this exception creates minor ambiguity, though no cookie-handling implementation is shown.

Skill content

Do not use cookie-based login or proxy-based login unless the user explicitly asks for legacy behavior.

Recommendation

Stick to the documented OAuth flow and avoid password, cookie, proxy, or browser-session login methods unless separately reviewed.