Plugin v1.0.0

ClawScan security

Twitter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 23, 2026, 11:31 AM)
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The package appears to implement a Twitter/X client that talks to AIsa relay endpoints and requires a single AISA_API_KEY; its files, instructions, and requested credential are largely coherent with the stated purpose, though there are small metadata inconsistencies you should verify before installing.
Guidance
This package implements a Twitter/X client that forwards requests to AIsa's relay (api.aisa.one) and requires an AISA_API_KEY. Before installing:
(1) Confirm you trust the AIsa service (api.aisa.one) since all posting/engagement flows go through it.
(2) Provide only the AISA_API_KEY (do not share Twitter passwords or cookie data).
(3) Note the registry metadata in the listing omitted the AISA_API_KEY requirement; rely on the plugin manifest and SKILL.md for accurate runtime requirements.
(4) If you need to audit network endpoints, review the bundled Python scripts (they are present in the package) and consider pinning or overriding TWITTER_RELAY_BASE_URL to an endpoint you control if appropriate.
(5) Remember autonomous invocation is allowed by default; if you need to restrict automatic posting, adjust agent/plugin permissions or require explicit user confirmation before posting.

Review Dimensions

Purpose & Capability
ok
The skill is a Twitter/X research, monitoring, and posting plugin, and the code and SKILL.md consistently implement read, engagement, and OAuth posting flows via AIsa relay endpoints (api.aisa.one). Requiring an AISA_API_KEY is appropriate for a relay-backed integration. Note: the registry summary at the top of the listing incorrectly reported 'Required env vars: none' even though the plugin manifest and SKILL.md declare AISA_API_KEY as required; this is a metadata inconsistency rather than a functional mismatch.
Instruction Scope
ok
Runtime instructions are scoped to calling the bundled Python clients and the AIsa relay (search, engagement, OAuth posting). The SKILL.md and reference docs explicitly prohibit asking for user passwords or cookies and instruct the agent to return authorization links rather than auto-opening them. The Python scripts perform HTTP(S) requests to api.aisa.one and read local workspace file paths only when attaching media; they do not attempt to read unrelated system files or other credentials.
Install Mechanism
ok
No install spec is present (instruction-only packaging for the agent), and the bundle contains Python scripts that are intended to be executed with python3. No remote downloads or extracted archives are used by the package itself, so installation risk is low.
Credentials
note
The skill requires a single service credential (AISA_API_KEY), which is proportionate to its operation since all network calls go to AIsa relay endpoints. The code also supports overriding the relay base URL via TWITTER_RELAY_BASE_URL, which is reasonable. The earlier registry summary that listed 'Required env vars: none' contradicts the manifest and SKILL.md that require AISA_API_KEY; you should confirm the expected configuration before use.
Persistence & Privilege
ok
The package does not request always:true and does not attempt to change other skills' configs. It allows normal autonomous invocation (disable-model-invocation is false), which is the platform default; this increases attack surface in general but is expected for an agent skill that can be invoked to post on behalf of users.