Stock Dividend AIsa
PassAudited by ClawScan on May 7, 2026.
Overview
This appears to be a read-only dividend analysis skill that uses an AIsa API key and external API calls, with no evidence of trading, purchases, brokerage access, persistence, or destructive behavior.
This skill looks safe for read-only dividend research if you trust AIsa and protect your AISA_API_KEY. Before installing, confirm you are comfortable sending requested tickers to the configured AIsa-compatible endpoint, do not provide brokerage or payment credentials, and install any needed Python dependency from a trusted source.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the script requires a compatible Python environment with the OpenAI package available; installing that package should be done from a trusted source.
The script relies on the external OpenAI Python package. This is disclosed in the script metadata and is consistent with the AIsa OpenAI-compatible API workflow, but users should be aware of the dependency because there is no separate install spec or lockfile in the supplied artifacts.
# dependencies = [ # "openai>=1.40.0,<2.0.0", # ]
Install dependencies from trusted package sources, prefer pinned or reviewed environments where possible, and avoid running unreviewed dependency installers automatically.
The AIsa API key grants access to the user’s AIsa service account and may be subject to usage limits, billing, or account policy.
The skill reads AISA_API_KEY from the environment and uses it to authenticate to the configured API endpoint. This is expected for the stated API-backed purpose and no unrelated credential use is shown.
api_key = os.environ.get("AISA_API_KEY") ... return OpenAI(api_key=api_key, base_url=base_url)Use a scoped AIsa API key if available, store it securely as an environment variable, and do not provide brokerage credentials, payment details, cookies, or other unrelated secrets.
The configured provider can see the requested tickers and the analysis prompt, and a custom base URL would receive the API request.
The skill sends the ticker-analysis prompt to an external AIsa-compatible provider endpoint. The default endpoint and HTTPS requirement are disclosed, and the data flow appears limited to user-provided ticker symbols and generated analysis prompts.
- Requests go to `https://api.aisa.one/v1` by default. - `AISA_BASE_URL` is optional and should only point to a trusted AIsa-compatible HTTPS endpoint.
Leave AISA_BASE_URL unset unless you intentionally trust an alternate HTTPS endpoint, and avoid including private portfolio details or unrelated personal information in ticker requests.