Stock Dividend AIsa
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the script requires a compatible Python environment with the OpenAI package available; installing that package should be done from a trusted source.
The script relies on the external OpenAI Python package. This is disclosed in the script metadata and is consistent with the AIsa OpenAI-compatible API workflow, but users should be aware of the dependency because there is no separate install spec or lockfile in the supplied artifacts.
# dependencies = [ # "openai>=1.40.0,<2.0.0", # ]
Install dependencies from trusted package sources, prefer pinned or reviewed environments where possible, and avoid running unreviewed dependency installers automatically.
The AIsa API key grants access to the user’s AIsa service account and may be subject to usage limits, billing, or account policy.
The skill reads AISA_API_KEY from the environment and uses it to authenticate to the configured API endpoint. This is expected for the stated API-backed purpose and no unrelated credential use is shown.
api_key = os.environ.get("AISA_API_KEY") ... return OpenAI(api_key=api_key, base_url=base_url)Use a scoped AIsa API key if available, store it securely as an environment variable, and do not provide brokerage credentials, payment details, cookies, or other unrelated secrets.
The configured provider can see the requested tickers and the analysis prompt, and a custom base URL would receive the API request.
The skill sends the ticker-analysis prompt to an external AIsa-compatible provider endpoint. The default endpoint and HTTPS requirement are disclosed, and the data flow appears limited to user-provided ticker symbols and generated analysis prompts.
- Requests go to `https://api.aisa.one/v1` by default. - `AISA_BASE_URL` is optional and should only point to a trusted AIsa-compatible HTTPS endpoint.
Leave AISA_BASE_URL unset unless you intentionally trust an alternate HTTPS endpoint, and avoid including private portfolio details or unrelated personal information in ticker requests.