Is 0xjordansg-yolo/openclaw-aisa-youtube safe?

https://github.com/openclaw/skills/tree/main/skills/0xjordansg-yolo/openclaw-aisa-youtube

91 · SAFE

This skill is a documentation wrapper for AIsa's YouTube Search API proxy, routing all queries through api.aisa.one. No malicious behavior, prompt injection, or data exfiltration attempts were detected. The primary concerns are the implicit trust dependency on the third-party aisa.one service and mild scope creep where a 'YouTube search' skill also documents LLM and web search endpoints using the same API key.

Category Scores

Prompt Injection 92/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (5)

MEDIUM · Third-party API proxy for all search queries · -10

All YouTube search queries are routed through api.aisa.one rather than directly to YouTube/Google APIs. Users may not realize their search queries, including potentially sensitive research topics, are being sent to and logged by an intermediary service. The aisa.one service acts as an opaque proxy with its own data retention and privacy policies.

LOW · Unified API key enables broader data flow than skill name suggests · -5

The AISA_API_KEY is described as a 'unified API key' that grants access to LLM chat completions, web search, financial data, and Twitter APIs — not just YouTube search. The skill documents using this same key to send user data to a third-party LLM endpoint (api.aisa.one/v1/chat/completions with model 'qwen3-flash'), which means conversation content could flow to third-party models beyond what a 'YouTube search' skill implies.

LOW · Scope creep beyond declared skill purpose · -8

The skill is named 'youtube-search' and described as a YouTube Search API, but the documentation includes sections on combining with LLM chat completions and web search APIs. This expands the agent's behavior beyond what a user would expect when installing a YouTube search skill, potentially leading the agent to make API calls to services the user did not intend to authorize.

INFO · Embedded code examples may be executed by agent · -5

The skill contains Python, JavaScript, and bash code examples within markdown code blocks. While these are documentation and not auto-executed, an LLM agent following the skill's instructions may execute these code snippets. The code itself is benign (standard HTTP requests to the documented API), but users should be aware that the agent may run network-facing code.

INFO · Clean installation with no anomalous behavior · 0

Installation consisted solely of a sparse git checkout from GitHub. No unexpected network connections, no process spawning, no filesystem changes outside the skill directory. All monitored activity is attributable to the Oathe monitoring harness and normal OS services.