Skill v1.0.0
ClawScan security
aisa-twitter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 15, 2026, 8:02 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary
- The package is a coherent Twitter/X relay client that contacts api.aisa.one and requires an AISA_API_KEY, but the registry metadata and package frontmatter disagree about required env and versioning—confirm the missing environment declaration and trust in the relay before installing.
- Guidance
- This skill is functionally what it says: it sends read and write actions (including media uploads and OAuth flows) to https://api.aisa.one and requires an AISA_API_KEY. Before installing:
  1. Confirm why the registry metadata omitted the required AISA_API_KEY (packaging error or oversight).
  2. Only use a scoped, revocable API key dedicated to this skill and monitor its usage; the relay will see tweet content, attachments, and OAuth tokens.
  3. Verify you trust api.aisa.one (privacy and security implications of relaying posts and uploaded files).
  4. Note that the SKILL.md frontmatter version differs from the registry version; ask the publisher for clarification.
  If you need local-only posting or do not want third-party relay access to attachments/OAuth tokens, do not install/use this skill.
Review Dimensions
- Purpose & Capability
- note · Name, description, SKILL.md, and the included Python clients consistently implement Twitter/X read, OAuth posting, and engagement via a relay at api.aisa.one. The capabilities requested by the code match the described purpose (search, post, like, follow).
- Instruction Scope
- note · SKILL.md instructs the agent to use the three Python scripts and to pass local workspace file paths for media; the runtime behavior is constrained to calling the AISA relay endpoints. Be aware that the workflow intentionally uploads local attachment files to the relay and routes OAuth flows (including tokens) through it. This is within the stated scope but important for privacy/trust decisions.
- Install Mechanism
- ok · No install spec is provided (instruction+script bundle). Nothing is downloaded or written by an installer step; risk from the install mechanism is low. The runtime will execute the bundled Python scripts, so the main risk is network (relay) interactions, not an opaque installer.
- Credentials
- concern · The SKILL.md and scripts clearly require AISA_API_KEY (declared as primaryEnv in the frontmatter), but the registry-level metadata reported 'Required env vars: none'. This mismatch is an incoherence in packaging/metadata. Also, the relay key grants the relay authority to act on the user's behalf (including receiving media and handling OAuth flows), so the key should be treated as sensitive and scoped appropriately.
- Persistence & Privilege
- ok · The skill does not request always:true, does not modify other skills, and includes no self-install logic or persistent home-directory writes in the provided docs. Autonomous invocation is allowed (platform default) but is not combined with other high privileges here.
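The Guidance and Credentials items above both come down to one check a reviewer can run locally before installing: compare what the bundled scripts actually read and contact with what the SKILL.md frontmatter and the registry declare. The following is an added example written for this page, not ClawScan or ClawHub code. The SKILL.md contents, the script names and bodies, the frontmatter version value, and the registry dict are constructed samples; the frontmatter keys other than primaryEnv and the registry field names (`version`, `required_env`) are assumptions about the format, not ClawHub's actual schema.

```python
"""Static pre-install coherence check for a skill bundle (added example, not
ClawScan/ClawHub code). It reproduces the two incoherences the verdict flags:
env vars the scripts read vs. what frontmatter and the registry declare, and
frontmatter version vs. registry version. It also lists every outbound host the
scripts name so the relay decision is made explicitly rather than by default."""
import re

FRONTMATTER_RE = re.compile(r"\A---\s*\n(.*?)\n---\s*\n", re.S)
# Matches os.environ["X"], os.environ.get("X") and os.getenv("X").
ENV_READ_RE = re.compile(
    r"""os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*['"]([A-Z][A-Z0-9_]*)['"]""")
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def parse_frontmatter(skill_md: str) -> dict:
    """Parse flat `key: value` frontmatter; nesting is not needed for this check."""
    m = FRONTMATTER_RE.match(skill_md)
    if not m:
        return {}
    out = {}
    for line in m.group(1).splitlines():
        if ":" in line and not line.startswith((" ", "#")):
            key, value = line.split(":", 1)
            out[key.strip()] = value.strip().strip("\"'")
    return out


def scan_script(source: str) -> tuple:
    """Return (env vars read, outbound hosts named) found in one script's source."""
    return set(ENV_READ_RE.findall(source)), set(HOST_RE.findall(source))


def check_bundle(skill_md: str, scripts: dict, registry: dict,
                 trusted_hosts: set) -> list:
    """Compare observed behavior with declared metadata; return human-readable findings."""
    fm = parse_frontmatter(skill_md)
    declared = {fm["primaryEnv"]} if fm.get("primaryEnv") else set()
    registry_env = set(registry.get("required_env", []))
    used, hosts = set(), set()
    for src in scripts.values():
        e, h = scan_script(src)
        used |= e
        hosts |= h
    findings = []
    for var in sorted(used - registry_env):
        findings.append(f"registry omits env var read by code: {var}")
    for var in sorted(used - declared):
        findings.append(f"frontmatter omits env var read by code: {var}")
    for var in sorted(declared - used):
        findings.append(f"frontmatter declares env var never read by code: {var}")
    fm_ver, reg_ver = fm.get("version"), registry.get("version")
    if fm_ver and reg_ver and fm_ver != reg_ver:
        findings.append(f"version mismatch: frontmatter {fm_ver} vs registry {reg_ver}")
    for host in sorted(hosts - trusted_hosts):
        findings.append(f"outbound host not on trusted list: {host}")
    return findings


# --- constructed sample bundle: not the real aisa-twitter files ---
SAMPLE_SKILL_MD = """---
name: aisa-twitter
description: Twitter/X relay client
version: 1.0.1
primaryEnv: AISA_API_KEY
---
# aisa-twitter
Use scripts/search.py, scripts/post.py and scripts/engage.py.
"""

SAMPLE_SCRIPTS = {  # hypothetical script names and bodies
    "scripts/search.py": 'import os, requests\n'
                         'KEY = os.environ["AISA_API_KEY"]\n'
                         'requests.get("https://api.aisa.one/v1/search", headers={"X-Key": KEY})\n',
    "scripts/post.py": 'import os, requests\n'
                       'KEY = os.getenv("AISA_API_KEY")\n'
                       'requests.post("https://api.aisa.one/v1/tweets", headers={"X-Key": KEY})\n',
    "scripts/engage.py": 'import os, requests\n'
                         'KEY = os.environ.get("AISA_API_KEY")\n'
                         'requests.post("https://api.aisa.one/v1/like", headers={"X-Key": KEY})\n',
}

# What the registry page reported: v1.0.0 and "Required env vars: none".
SAMPLE_REGISTRY = {"version": "1.0.0", "required_env": []}


def audit_sample(trusted_hosts=frozenset({"api.aisa.one"})) -> list:
    return check_bundle(SAMPLE_SKILL_MD, SAMPLE_SCRIPTS, SAMPLE_REGISTRY, set(trusted_hosts))


if __name__ == "__main__":
    for finding in audit_sample():
        print("-", finding)
```

Run on the sample it reports exactly the verdict's two packaging findings (the registry omitting AISA_API_KEY, and the version mismatch). The trusted-host set is the reviewer's own decision about api.aisa.one, which is the third guidance item; static analysis can only surface the host, not decide whether relaying attachments and OAuth tokens through it is acceptable.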
