AIsa Youtube Search

Pass. Audited by ClawScan on May 8, 2026.

Overview

This instruction-only skill transparently uses an AIsa API key to send YouTube search queries to api.aisa.one, with no local code, persistence, or hidden behavior shown.

This appears safe to install if you are comfortable using AIsa as a YouTube search relay. Keep AISA_API_KEY secret, and do not use this skill for searches that must remain local or for direct YouTube account actions.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with the API key could make requests to the AIsa service as the key holder.

Why it was flagged

The skill requires a provider API key and sends it as a bearer token to the AIsa endpoint. This is purpose-aligned and disclosed, but it is still a sensitive credential.

Skill content

Required environment variable: `AISA_API_KEY` ... -H "Authorization: Bearer $AISA_API_KEY"

Recommendation

Store the key securely, avoid pasting it into shared logs or chats, and rotate it if it is exposed.

What this means

YouTube search queries may be visible to the external relay service.

Why it was flagged

The skill explicitly relies on an external relay, so search terms and filter parameters are sent to AIsa rather than staying local.

Skill content

All search requests go to `api.aisa.one`.

Recommendation

Use the skill only for searches you are comfortable sending to AIsa; choose another method if the query must remain local or private.