Unified API for powerful image and video generation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward AIsa media-generation helper that sends prompts to AIsa and saves generated output when the user asks it to.

Install only if you trust AIsa and the publisher. Use a revocable AISA_API_KEY, do not submit secrets or private media unless allowed, and choose output paths carefully because downloads and generated images write to the path you provide.

SkillSpector

By NVIDIA

Vulnerability Patterns

Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tainted flow: 'req' from os.environ.get (line 65, credential/environment) → urllib.request.urlopen (network output)

Critical

Category: Data Flow
Content: os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True) req = urllib.request.Request(url, headers={"User-Agent": "OpenClaw-Media-Gen/1.0"}) try: with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f: total = 0 while True: chunk = resp.read(1024 * 1024) # 1MB
Confidence: 91% confidence
Finding: with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal