Is 0xjordansg-yolo/openclaw-aisa-youtube-search-serp-video-channels-trends-content-tracking safe?

https://github.com/openclaw/skills/tree/main/skills/0xjordansg-yolo/openclaw-aisa-youtube-search-serp-video-channels-trends-content-tracking

90
SAFE

This is a clean, single-purpose YouTube SERP search skill that wraps the AIsa API. The Python client uses only standard library modules, no malicious patterns were detected in the prompt content, and no suspicious behavior was observed during installation. The primary consideration is that search queries and an API key are sent to the third-party service api.aisa.one, which is the skill's intended functionality.

Category Scores

Prompt Injection 92/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 92/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 82/100 · 5%

Findings (4)

LOW API key and queries sent to third-party service -15

The skill instructs the agent to send the user's AISA_API_KEY as a Bearer token and search queries to api.aisa.one. While this is the intended functionality, users should be aware that their API key and all search queries are transmitted to this third-party service.

INFO Python client script included -8

The skill includes a Python client (scripts/youtube_client.py) that makes HTTP requests to the API. The script uses only standard library modules and contains no obfuscated or suspicious code. It is a clean, well-structured API client.

INFO External URL references in documentation -8

SKILL.md references api.aisa.one for API calls and aisa.mintlify.app for documentation. These are legitimate endpoints for the skill's advertised functionality and do not constitute prompt injection.

INFO Unrelated skill reference in lock file -5

The .clawhub/lock.json file references 'academic-research-hub' skill, which is unrelated to this YouTube search skill. This appears to be an artifact from the developer's environment and poses no security risk.