Back to plugin

Security audit

Openclaw Youtube

Security checks across malware telemetry and agentic risk

Overview

The package is internally consistent with its stated YouTube research purpose: it requires a single AISA_API_KEY, uses a local Python client to call the aisa.one API, and does not request unrelated credentials or perform unexpected system access.

This skill appears coherent: it runs a local Python client that calls AIsa's API and requires one API key (AISA_API_KEY). Before installing, verify you trust the AIsa service (aisa.one) and the source repo, keep your API key secret, and be aware that the skill will send search queries to the aisa.one endpoint (network traffic and any associated usage costs). If you need higher assurance, inspect the full python script in your environment and confirm the repository origin and commit history match the publisher you trust.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.