Security audit
Stock Watchlist
Security checks across malware telemetry and agentic risk
Overview
The package does what it says: a Python-based watchlist that calls an AIsa API using an AISA_API_KEY and stores a local JSON watchlist; its requirements and behavior are consistent with the description.
This package appears coherent for a market-data watchlist. Before installing: (1) Confirm the origin of AISA_API_KEY and only provide keys you trust with market-query access; (2) be aware the script will store watchlist data under a user directory (~/.clawdbot/skills/stock-analysis/watchlist.json) and may create that directory; (3) you will need python3 and the Python 'openai' client dependency installed manually if you want to run the script; (4) optional env vars (AISA_BASE_URL, AISA_MODEL, CLAWDBOT_STATE_DIR) can change behavior — review them if you set them; (5) if you require strict data handling, review the code and the remote API (https://api.aisa.one) to confirm what data is transmitted.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
