Is bowen-dotcom/aisa-media-gen-skill safe?

https://github.com/openclaw/skills/tree/main/skills/bowen-dotcom/aisa-media-gen-skill

92
SAFE

This skill provides legitimate media generation functionality using the AIsa API service for image and video creation. The code is clean and straightforward, with no malicious behavior detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

MEDIUM External API Dependency -15

Skill makes network calls to api.aisa.one for media generation services, requiring an external API key

LOW Python Script Included -10

Skill includes media_gen_client.py script for API interaction, but code appears safe and legitimate

LOW Third-Party Service Dependency -10

Skill depends on external AIsa API service which could change or become unavailable