Back to plugin

Security audit

Market

Security checks across malware telemetry and agentic risk

Overview

The package and its runtime instructions are internally consistent for a market-data client that requires a single AISA_API_KEY and python3; nothing in the code or SKILL.md tries to access unrelated credentials or system files.

This skill appears to be what it says: a market-data client that uses AISA_API_KEY to call api.aisa.one. Before installing, confirm you trust api.aisa.one and the publisher (check the GitHub repo/homepage). Treat the AISA_API_KEY like any API secret (use a least-privilege key if possible), and verify the platform will only expose that key to this plugin. Also double-check the registry/marketplace metadata (it should list AISA_API_KEY as required) — the package manifests do, but the registry summary in the prompt does not, which may indicate a packaging metadata mismatch you should confirm is resolved.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.