AIsa Twitter Research Engage Relay
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong target or content, the user's Twitter/X account could publicly like, follow, reply, or post something unintended.
The skill can perform public Twitter/X engagement and posting actions. This is central to the skill's purpose and is disclosed, but those actions can affect a user's public account.
Run Twitter/X likes, follows, replies, and OAuth-gated posting through AIsa.
Use the skill only for clearly confirmed targets and review the exact post, reply, media, or engagement action before allowing it.
Anyone with the configured AISA_API_KEY or authorized relay access may be able to perform supported Twitter/X actions through this workflow.
The skill requires a bearer-style API key for the AIsa relay, and posting is OAuth-gated. This is expected for the integration, but it gives the relay authority to act through the configured account.
`AISA_API_KEY` is required for AIsa-backed API access.
Store the API key securely, grant only the intended account access, and revoke or rotate credentials if they may have been exposed.
Attached images or videos, along with tweet content, leave the local workspace and are sent to AIsa's API for upload and posting.
The attachment workflow sends user-provided local media files to the external AIsa relay before publishing to Twitter/X. This is disclosed and purpose-aligned, but users should notice the data transfer.
The Python client reads the local file and sends it to the relay backend as `multipart/form-data`.
Only attach files intended for public posting, and avoid sending private or unrelated local files.