AIsa Twitter Post Engage
ReviewAudited by ClawScan on May 8, 2026.
Overview
This skill is a coherent Twitter/X relay client, but installing it means trusting AIsa and OAuth authorization for public posts, likes, follows, and media uploads.
Install only if you trust AIsa as a relay for your Twitter/X account. Confirm OAuth access, keep the AISA_API_KEY private, review public post content and targets before use, and revoke OAuth access when you no longer need the skill.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked for a posting or engagement task, the agent can publish, like, unlike, follow, or unfollow through the relay.
The skill exposes public write and engagement actions on Twitter/X. This is aligned with the stated purpose, but these actions can affect the user's public account.
Publish text, image, and video posts after explicit OAuth approval. Like, unlike, follow, and unfollow through the engagement client once authorization exists.
Use it only for explicit Twitter/X actions, review post text and targets carefully, and avoid ambiguous requests.
A compromised or over-authorized key/account connection could allow actions on the authorized Twitter/X account via the relay.
The skill needs an AIsa API key and OAuth approval to act on a Twitter/X account. This is expected for the integration, but it is delegated account authority.
Required environment variable: `AISA_API_KEY` ... Obtain OAuth authorization before any write action.
Review the OAuth approval screen, understand how to revoke access, and consider using a dedicated account or limited operational process for posting.
Local media files selected for posting will leave the workspace and be sent to AIsa before being uploaded to Twitter/X.
User-provided media and post content are sent to a third-party relay. This is disclosed and purpose-aligned, but users should be aware of the data flow.
The Python client reads the local file and sends it to the relay backend as `multipart/form-data`. ... Posting, OAuth, and approved media uploads are relay-based and go to `api.aisa.one`.
Only provide media files intended for upload, and do not pass unrelated private files as `--media-file`.