Plugin v1.0.0

ClawScan security

AIsa Perplexity Search Sonar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 5:01 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The package appears to implement the stated AIsa Perplexity search functionality and only needs an AISA_API_KEY and python, but there is an inconsistency between the published metadata and the embedded skill requirements (sloppy packaging) that you should confirm before installing.
Guidance
What to consider before installing:
- The skill's code and manifests consistently call https://api.aisa.one and require AISA_API_KEY and python3 — that fits the stated search purpose. However, the package's published 'Requirements' metadata (showing none) conflicts with the embedded SKILL.md and openclaw.plugin.json which require AISA_API_KEY; this is likely a packaging/metadata bug but verify which metadata the marketplace will use to prompt for/store your key.
- Only provide an AISA_API_KEY if you trust the AIsa service (api.aisa.one) and are comfortable the key will be stored/used by this plugin. The bundled Python client reads AISA_API_KEY from the environment and sends it in Authorization headers to api.aisa.one — that is expected for an API client.
- If you have low tolerance for risk, run the plugin in a sandbox/VM or inspect and run the Python script locally before granting credentials. Confirm the plugin's repository/homepage and check that the key storage UI maps to the declared openclaw.plugin.json config schema.
- If you see any unexpected prompts for additional credentials or network targets other than api.aisa.one, do not proceed and review the package further. If you decide to uninstall later, rotate the AISA_API_KEY.

Review Dimensions

Purpose & Capability
note: The skill's name, descriptions, manifests, and the included Python client all match a search/retrieval plugin that talks to https://api.aisa.one. Requiring AISA_API_KEY and python3 is coherent for a networked search client. However, the registry metadata at the top of the package summary reported 'Required env vars: none' while the embedded SKILL.md and openclaw.plugin.json both declare AISA_API_KEY and python3 — a packaging/metadata mismatch that should be resolved.
Instruction Scope
ok: Runtime instructions direct the agent to run the bundled Python client (scripts/perplexity_search_client.py) which only reads AISA_API_KEY from the environment and posts to defined AIsa endpoints; it does not instruct reading arbitrary system files or exfiltrating unrelated data.
Install Mechanism
note: There is no install spec (lowest risk) and the package is largely instruction + a small Python client. The script is included in the bundle (extracted to disk if installed) but is a straightforward HTTP client; no downloads from external, untrusted URLs or archive extraction steps were found.
Credentials
note: The only secret/environment requirement declared by the embedded manifests is AISA_API_KEY (and python3 as a runtime binary), which is proportionate for a hosted API client. The inconsistency between the top-level 'Requirements: none' and the embedded manifests (which require AISA_API_KEY) is the main concern — confirm which metadata the platform will use to request/store credentials.
Persistence & Privilege
ok: The package does not request always:true and does not attempt to modify other skills or system-wide settings. The default autonomous-invocation flag is allowed by platform defaults; there is no unusual persistence or privilege request in the files.