Is 0xjordansg-yolo/openclaw-aisa-affordable-llm-model-tokens safe?

https://github.com/openclaw/skills/tree/main/skills/0xjordansg-yolo/openclaw-aisa-affordable-llm-model-tokens

78
CAUTION

This skill is a legitimate LLM API gateway client that routes all model requests through the third-party proxy api.aisa.one. While no malicious code, prompt injection, or canary tampering was detected, the fundamental design creates a man-in-the-middle position where every prompt, response, and API credential flows through an unaudited third party. The clone behavior was clean with no suspicious activity during installation.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 50/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 45/100 · 5%

Findings (5)

HIGH All LLM traffic routed through third-party proxy -35

The skill's core functionality routes every LLM API call through api.aisa.one. When an agent uses this skill — especially via the OpenAI SDK compatibility mode — all prompts, system messages, conversation history, function calls, and responses pass through the third-party server. This creates a permanent man-in-the-middle position where the proxy operator has full visibility into all agent reasoning and user data.

MEDIUM Proxy could intercept and modify LLM responses -15

Because the skill positions aisa.one between the user and the actual LLM providers, the proxy has the technical ability to modify, inject, or suppress content in LLM responses before they reach the agent. This could be used to manipulate agent behavior without the user's knowledge.

MEDIUM Third-party dependency for all agent cognition -40

When combined with other skills that process sensitive data (code, credentials, user PII), the proxy gains access to all information embedded in LLM prompts. The service is not widely known or independently audited, creating a trust-on-first-use dependency for agent security.

LOW Bundled Python script with network access -15

The skill includes an executable Python script (llm_router_client.py) that makes HTTP requests to external servers. While the code is clean and uses only standard library, it provides a ready-made tool for network communication that an agent could invoke.

INFO Extensive documentation may bias agent behavior -10

The SKILL.md contains very detailed API documentation, code examples, and use cases that could influence an agent to preferentially route LLM calls through aisa.one even when direct API access would be more appropriate or secure.