Plugin v1.0.1

ClawScan security

AIsa Perplexity Sonar Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 23, 2026, 3:38 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package is internally consistent: it wraps a bundled Python client that calls AIsa's API and only asks for the AISA_API_KEY and python3 as declared.
Guidance
This skill will send your queries (and any prompt text you include) to api.aisa.one using the AISA_API_KEY you provide. Only install if you trust AIsa and are comfortable giving that API key; do not include secrets or private documents in searches unless you are certain of the provider's handling and retention policies. Review the plugin source and the AIsa API terms/rate limits. If you want tighter control, run the bundled Python script locally and provide a scoped API key rather than storing a broad credential in a shared config.

Review Dimensions

Purpose & Capability
ok: Name/description describe a search/synthesis skill and the package contains a Perplexity Sonar client that talks to https://api.aisa.one; required artifacts (python3, AISA_API_KEY) match the stated purpose.
Instruction Scope
ok: SKILL.md and the Python script instruct the user to run the local script and supply an API key; the instructions do not read unrelated files or environment variables, and do not send data to unexpected endpoints.
Install Mechanism
ok: No install spec; this is instruction-only with bundled scripts. No downloads from third-party URLs or archive extraction are present.
Credentials
ok: Only AISA_API_KEY is required and is declared as primaryEnv in manifests and SKILL.md. No unrelated credentials or broad environment access requested.
Persistence & Privilege
ok: The skill is user-invocable and is not marked always: true. It does not modify other skills or request persistent system-wide privileges.