Security audit
Cn LLM
Security checks across malware telemetry and agentic risk
Overview
The package and runtime instructions are internally consistent: it requires only AISA_API_KEY and python3 to talk to the AIsa API (api.aisa.one) and the included code matches that stated purpose.
This package appears coherent with its stated purpose, but consider these practical precautions before installing: (1) AISA_API_KEY grants access to your AIsa account and could incur billing — only use a key you trust and consider a scoped/restricted key if available. (2) The included Python client sends any prompt/content to https://api.aisa.one; avoid sending sensitive PII or secrets through the skill. (3) Review the bundled scripts (skills/cn-llm/scripts/cn_llm_client.py) yourself if you have concerns; it is small and readable. (4) Store and rotate the API key securely (avoid committing it to repos), and remove the plugin and revoke the key if you stop using the service. (5) If you need higher assurance, run the client in an isolated environment or sandbox first.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
