Security audit
Twitter Autopilot
Security checks across malware telemetry and agentic risk
Overview
The package is coherent with its stated purpose: it is a Twitter/X client that uses an AIsa relay (api.aisa.one) and requires an AISA_API_KEY to perform reads, engagement, and OAuth-backed posting; the main issues are minor packaging metadata inconsistencies you should be aware of before installing.
This package implements a relay-based Twitter/X client that sends your AISA_API_KEY and any media files you attach to the external relay service at api.aisa.one. Before installing: 1) Verify you trust AIsa (api.aisa.one) as the operator that will receive your API key and uploaded media; 2) Ensure the AISA_API_KEY you supply has the minimal permissions you are willing to grant and is revocable; 3) Note the package will read local workspace files (images/videos) to upload — do not attach sensitive files; 4) The registry metadata incorrectly omitted the required env var (AISA_API_KEY) in one place — confirm your platform will prompt for or block providing secrets appropriately; 5) If you need higher assurance, review the relay service privacy/security docs or run the skill in an isolated test environment first.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
