Security audit

AIsa Twitter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Twitter/X relay skill, but its OAuth posting client can print the full AIsa API key in command output.

Review before installing. Use this only if you trust AIsa with your API key, OAuth authorization, tweet text, and any media you choose to upload. Avoid running the OAuth client in CI, shared terminals, logged sessions, or notebooks until the API key is removed or redacted from command output; rotate the key if it has already been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The publishing flow includes the raw AIsa API key in returned JSON, which exposes a sensitive bearer credential to any caller, logs, terminal history, or downstream tooling that captures command output. For a Twitter posting client, echoing the secret back serves no operational need and materially increases the chance of credential theft and unauthorized API use.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The authorize command prints the raw API key alongside the authorization URL and response data, causing unnecessary disclosure of the credential during a sensitive authentication workflow. This can leak the bearer token into shells, CI logs, transcripts, or screenshots, enabling reuse by anyone who obtains that output.

Missing User Warnings

Medium
Confidence: 91%
Finding
The attachment flow explicitly states that local workspace image/video files are read by the client and sent to an external relay backend, but the document does not require a clear user-facing disclosure or confirmation that local file contents will leave the local environment. In a posting skill, users may reasonably expect publication to Twitter, but not necessarily that media is first transmitted through a third-party relay service, which creates avoidable privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
Printing the API key in user-visible output without masking or warning is an unsafe secret-handling practice and creates an immediate path for accidental disclosure. Although it overlaps with the credential exposure issue above, it independently reflects insecure output design likely to propagate the secret through normal operational use.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.