Back to plugin

Security audit

Aisa Twitter Command Center Plugin

Security checks across malware telemetry and agentic risk

Overview

The package is internally consistent with its stated Twitter/X research and OAuth-backed posting purpose — it requires only AISA_API_KEY and runs local Python clients that call the documented relay (api.aisa.one) to read/search and to publish when authorized.

This package appears to do what it says: it runs local Python clients that call the AIsa relay (https://api.aisa.one) and requires one secret (AISA_API_KEY). Before installing, confirm you trust the AIsa relay and issuer of the API key. Treat AISA_API_KEY as sensitive (do not reuse high-privilege keys), and revoke it if you stop using the skill. Be aware that any workspace files you pass as attachments will be uploaded to the relay and then to X/Twitter. If you want to limit risk, test read-only workflows first, require explicit user confirmation before any publish action, and review the included python scripts locally to verify behavior (they are present in the package). If you have concerns about autonomous posting, restrict or audit agent autonomy or require manual confirmation before posting.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.