Back to plugin

Security audit

AIsa Crypto Market Data

Security checks across malware telemetry and agentic risk

Overview

The package is internally coherent for a crypto market-data plugin: it requires a single AISA_API_KEY and runs a local Python client against api.aisa.one; there are no unexpected credentials, third-party downloads, or broad system access requested.

This package appears to be what it claims: a crypto market-data wrapper that runs a local Python client against AIsa's API. Before installing, confirm you trust the AIsa service (https://aisa.one) because you will supply an AISA_API_KEY that the client sends as a Bearer token to api.aisa.one. Note the small metadata mismatch where the registry summary listed no required env var while the package manifests require AISA_API_KEY — this is likely a packaging oversight but verify you set the key only in a safe place. If you need stronger assurance: review the full coingecko_client.py (bundled) and the SKILL.md for any changes, verify the package source repository and publisher, and restrict the API key's permissions or use a scoped key if AIsa supports that. If you do not want the skill to run without your explicit consent, ensure the agent's autonomous skill invocation settings are configured to require user approval.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.