Openclaw Media Gen

Pass

Audited by VirusTotal on May 8, 2026.

Overview

Type: OpenClaw Skill
Name: openclaw-media-gen-aisa
Version: 1.0.0

The skill provides a legitimate interface for generating AI images and videos via the AIsa API (api.aisa.one). The Python client (scripts/media_gen_client.py) uses standard library modules to handle API requests and download media files, with no evidence of data exfiltration, obfuscation, or malicious execution.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed and invoked, the agent can use the configured AIsa API key to make image or video generation requests, which may consume credits or incur costs.

Why it was flagged

The skill requires an AIsa API key, which is sensitive account authority and may allow API usage under the user's account.

Skill content

primaryEnv: AISA_API_KEY
...
requires:
  env:
    - AISA_API_KEY

Recommendation

Use a scoped or limited API key if available, monitor AIsa usage, and rotate the key if it is exposed.

What this means

The skill may create or overwrite user-selected output files when downloading generated images or videos.

Why it was flagged

The bundled client can download generated media from a URL and write it to a local output path. This is expected for a media-generation client, but it is still local file-write behavior.

Skill content

def _download_to_file(url: str, out_path: str, timeout_s: int = 300) ... open(out_path, "wb")

Recommendation

Choose output paths intentionally and avoid directing downloads to important existing files unless overwriting is intended.