ClawHub

youtube-search-aisa

v1.1.1

Search YouTube videos, channels, and trends via AISA API using queries, filters, and pagination without requiring Google credentials.

0· 62·0 current·0 all-time
by@bibaofeng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (YouTube search via AISA) match the included Python client and SKILL.md: the client calls https://api.aisa.one and implements search, pagination, competitor research, and top-video helpers. However, registry-level metadata at the top of the submission lists no required env vars or binaries while SKILL.md and the code require python3 and AISA_API_KEY — this mismatch should be resolved but does not by itself indicate malicious intent.
Instruction Scope
SKILL.md instructs running the bundled Python client or curl against api.aisa.one and requires only the AISA_API_KEY; the code only reads the AISA_API_KEY from the environment and performs HTTP requests to the AISA API. There are no instructions to read unrelated files, access other credentials, perform browser automation, or transmit data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only), and the release bundles a single Python script. No external downloads or archive extraction are performed by the skill itself, minimizing install-time risk.
Credentials
The skill requires a single API key (AISA_API_KEY) which is proportionate to its behavior. The inconsistency is that the registry summary listed 'Required env vars: none' while SKILL.md and the code require AISA_API_KEY — confirm which metadata is authoritative before provisioning keys. No other secrets or unrelated credentials are requested.
Persistence & Privilege
always:false and no special system/config paths are requested. The skill does not attempt to persist or modify other skills or system-wide settings. Autonomous invocation is allowed by default but is not combined with other risky flags.
Assessment
This package appears to do what it says: run a Python client that sends search queries to api.aisa.one using a single AISA_API_KEY. Before installing: (1) Confirm the registry metadata discrepancy (top-level listing vs SKILL.md) — don’t assume the registry summary is authoritative. (2) Only provide an AISA_API_KEY with minimal scope and consider a rotated/ephemeral key. (3) Treat queries as potentially sensitive — avoid sending passwords, tokens, or private data in search queries since they go to an external service. (4) If you need stronger assurance, inspect the script locally, run it in a sandboxed environment, and monitor outbound network calls to verify only api.aisa.one is contacted. (5) Review AISA’s docs/privacy and trustworthiness before using production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk976shqq73wqakg5bmpxd5qj5h84xf7h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments