Back to skill
Skillv1.0.0
ClawScan security
Perplexity Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 8:12 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested credential (AISA_API_KEY) align with its stated purpose of calling AIsa Perplexity/Sonar endpoints; nothing in the bundle appears disproportionate or unrelated.
- Guidance
- This skill appears coherent and limited to calling AIsa Perplexity (api.aisa.one). Before installing, confirm you trust the AIsa service and the skill owner, and only provide an API key with appropriate scope/limits. Avoid sending secrets or highly sensitive data in queries since they are transmitted to an external API. If you need stricter control, rotate/revoke the AISA_API_KEY after use and review AIsa's privacy and retention policies. Finally, note that the agent may call the skill autonomously (platform default); if you want to restrict automatic use, control invocation via your agent's skill permissions.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, and the included Python client all target AIsa Perplexity Sonar endpoints. Required binaries (curl, python3) and the single env var (AISA_API_KEY) are consistent with making HTTP API calls to api.aisa.one.
- Instruction Scope
- okRuntime instructions only describe calling the AIsa endpoints via the bundled Python client or curl; they do not instruct the agent to read unrelated files, search the host, or exfiltrate data beyond the API calls needed for queries.
- Install Mechanism
- okNo install spec; this is instruction-only plus a small included client script. Nothing is downloaded from arbitrary URLs and no archive extraction or third-party package installs are specified.
- Credentials
- okOnly AISA_API_KEY is required and used by the client. No unrelated credentials, config paths, or broad secrets are requested.
- Persistence & Privilege
- okSkill is not always-enabled and does not request elevated persistence or modify other skills or system-wide settings. Autonomous model invocation remains the platform default but is not combined with other red flags here.