Is 0xjordansg-yolo/openclaw-aisa-image-video-models-wan2-6-gemini-3-pro-image-nano-banana safe?
This skill is a clean, straightforward API wrapper for image generation (Gemini) and video generation (Wan 2.6) via the AIsa platform. The Python client uses only standard library modules with no obfuscation or suspicious behavior. No canary files were accessed, no unexpected network activity occurred during installation, and no prompt injection patterns were detected. The primary trust consideration is the third-party API endpoint (api.aisa.one) to which the user's API key is transmitted.
Findings (6)
LOW External llms.txt URL reference (-7)
SKILL.md references https://aisa.mintlify.app/llms.txt as a documentation index. The llms.txt convention is designed for LLM consumption, and an agent might fetch this URL and follow instructions contained within it. The reference is informational rather than directive, but it could lead to indirect prompt injection if the remote content is malicious.
LOW Non-English primary language may obscure review (-5)
SKILL.md is primarily written in Chinese. While the content is benign technical documentation, non-English text can make manual security review more difficult for English-speaking auditors. All analyzed Chinese text translates to standard API documentation and usage instructions.
LOW API key transmitted to third-party service (-8)
The AISA_API_KEY environment variable is sent as a Bearer token to api.aisa.one. This is expected for the skill's stated functionality, but users must trust the third-party API provider. The key is not sent to any other endpoint.
MEDIUM Executable Python script with network access (-10)
The skill includes media_gen_client.py, which makes HTTP requests to external APIs and writes binary files to disk. The code is clean, uses only the Python standard library, and its behavior is well-scoped to its purpose: no obfuscation, no dynamic code execution, no shell invocation.
LOW Arbitrary file write via --out parameter (-5)
The --out parameter in the Python client allows writing generated media files to any user-accessible path. The script also calls os.makedirs to create parent directories. This is standard behavior for media generation tools but could be misused by a manipulated agent to overwrite files.
INFO Potential SSRF via img-url parameter (-3)
The video-create command accepts an --img-url parameter that is forwarded to the API provider. If an agent were manipulated to pass internal network URLs, the API server might make requests to those targets. This is a server-side concern for api.aisa.one, not a local vulnerability.