AI Media Generation

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent AIsa media-generation client, but users should protect the API key and remember that prompts, reference image URLs, and generated media requests go to AIsa.

This looks reasonable for an API-based media generator. Before using it, verify you trust the publisher, set AISA_API_KEY securely, avoid sensitive prompts or private image URLs, and choose output file paths carefully.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with the key may be able to use the user's AIsa account or quota.

Why it was flagged

The script uses AISA_API_KEY as a bearer token for AIsa API calls, which is expected for the service but still grants account/API usage authority.

Skill content

"Authorization": f"Bearer {api_key}",

Recommendation

Store the key as an environment variable, do not paste it into prompts or shared logs, and rotate it if exposed.

What this means

Private prompts or private image URLs could be disclosed to the external provider if the user supplies them.

Why it was flagged

User prompts and reference image URLs are sent to the external AIsa video-generation API as part of the intended workflow.

Skill content

"input": { "prompt": prompt, "img_url": img_url }

Recommendation

Avoid sensitive prompts or non-public image URLs unless you are comfortable with AIsa handling that data under its terms.

What this means

A chosen output path may create or overwrite local media files.

Why it was flagged

Generated media is saved to local files, using a user-provided output path when supplied.

Skill content

out_path = args.out or _safe_filename(ext)
with open(out_path, "wb") as f:
    f.write(data)

Recommendation

Use deliberate output filenames and avoid pointing the tool at important existing files.

What this means

Users have less information for independently verifying the publisher or code history.

Why it was flagged

The registry metadata does not identify a source repository, which limits provenance visibility even though no risky install script is present.

Skill content

Source: unknown

Recommendation

Review the included files and install only if you trust the listed publisher and distribution channel.