Back to plugin

Security audit

AIsa Twitter Engagement Suite

Security checks across malware telemetry and agentic risk

Overview

The package's code, instructions, and required secret (AISA_API_KEY) are consistent with a Twitter/X relay-based engagement and posting client that uses api.aisa.one; it does not request unrelated credentials or perform unexplained local access.

This package appears to do what it says: it will call https://api.aisa.one using the AISA_API_KEY you provide and — if you attach files — read workspace file paths to upload media. Before installing, verify you trust AIsa/api.aisa.one (review their privacy/security policies) and keep these points in mind: (1) do not store sensitive local files in the workspace if you don't want them uploaded; (2) AISA_API_KEY grants the relay the ability to perform actions on your behalf via the relay — treat it like any API secret; (3) OAuth posting will produce an authorization link (or optionally open a browser) — only complete OAuth flows you trust; and (4) if you require fully local operations or avoidance of any relay, this skill is not suitable. Overall the package is internally consistent and proportional to its stated purpose.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.