Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

twitter-post-aisa

v1.0.1

Search, post, like, follow, and engage with Twitter/X content via AISA relay using OAuth-approved API actions with no password sharing.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token · Requires sensitive credentials · Posts externally
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, SKILL.md, and included Python clients consistently implement read, OAuth posting, and engagement actions against a relay at api.aisa.one — this is coherent with the stated purpose. However, the registry-level metadata provided earlier (which claimed no required env vars or binaries) contradicts SKILL.md and the code that require python3 and AISA_API_KEY; that mismatch is an incoherence.
Instruction Scope
SKILL.md and the reference docs specify only the expected actions: read, search, request OAuth authorization, publish, and engagement. The runtime instructions explicitly require AISA_API_KEY, use the included scripts, and instruct using local workspace media paths; they do not instruct reading arbitrary local files, cookies, or unrelated secrets.
Install Mechanism
There is no install spec (instruction-only release with bundled scripts). No external downloads or installers are executed by the skill itself. The risk is limited to shipping and running the included Python scripts locally.
Credentials
The Python code and SKILL.md expect AISA_API_KEY and python3 (SKILL.md declares primaryEnv: AISA_API_KEY), but the registry summary at the top claims no required env vars or primary credential — this mismatch is unexplained. Aside from AISA_API_KEY, the code does not request extra unrelated credentials. Note: AISA_API_KEY is a bearer secret for the relay and should be treated as sensitive.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or modify other skill configs. It may open a local browser optionally during OAuth (explicit option), but otherwise relies on returning authorization links and the relay. Autonomous invocation is permitted (platform default) but not combined with always: true.
What to consider before installing
Key points before installing or running this skill:

- Trust the relay: All network calls (including media uploads and OAuth flows) go to https://api.aisa.one — verify you trust that service and its privacy/security practices before providing an AISA_API_KEY or uploading media.
- Environment mismatch: The registry summary claims no required env vars/binaries, but SKILL.md and the Python scripts require python3 and AISA_API_KEY. Expect the skill to fail unless you export AISA_API_KEY; treat that value as a secret (Bearer token).
- OAuth scope and approvals: The skill will request OAuth authorization to act on your behalf for posting/engagement. Carefully review the OAuth consent screens and granted scopes — revoke access if you see unexpected permissions.
- Media handling: If you attach local images/videos, the skill will read the workspace file paths and upload them to the relay as multipart/form-data. Do not upload sensitive files you wouldn't want sent to the relay.
- Source provenance: Owner and homepage are unknown/absent. If you need higher assurance, ask the publisher for source provenance (repo, maintainer contact) and confirm the relay operator (aisa.one) is legitimate.
- Operational note: Because this skill can post/engage via OAuth, only grant it the minimum permissions you are comfortable with and prefer receiving an authorization URL (do not auto-open the browser) unless you explicitly want local browser flow.

If you want help: I can extract the exact places the code reads env vars and the list of endpoints it calls, or draft questions to ask the publisher to improve provenance and metadata before you install.

Like a lobster shell, security has layers — review code before you run it.

