Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude Agent Sdk
v0.1.0
Build autonomous AI agents with Claude Agent SDK. Structured outputs guarantee JSON schema validation, with plugins system and hooks for event-driven workflows. Prevents 14 documented errors. Use when: building coding agents, SRE systems, security auditors, or troubleshooting CLI not found, structured output validation, session forking errors, MCP config issues, subagent cleanup.
⭐ 0 · 1.7k · 1 current · 1 all-time
by Veera @veeramanikandanr48
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name and description (Claude Agent SDK) match the included content: a full API reference, templates for subagents, MCP servers, permission control, and session management. That functionality justifiably includes examples that read/write files, run tools, and call external MCP servers. One inconsistency: the README instructs users to export ANTHROPIC_API_KEY, but the skill metadata lists no required env vars or primary credential — this is likely an omission and should be clarified.
Instruction Scope
SKILL.md and templates explicitly show instructions that let agents read project/user files (~/.claude, .claude/settings.json), run bash commands, use file checkpointing, spawn MCP servers (stdio/http), and send HTTP requests to external endpoints. Those are expected for an SDK, but they also give the agent potential to access sensitive local files (e.g., /etc/, .env, ssh keys) and to transmit data externally (remote MCP HTTP URLs, commented suggestions to log to Datadog). The docs also document a 'bypassPermissions' mode and many examples that, if used, would permit destructive or exfiltrative operations — this broad scope is relevant but high-risk unless permission controls are enforced.
Install Mechanism
There is no install spec (instruction-only install), which minimizes automatic code execution on install. However, the package includes many TypeScript templates and README examples that instruct running npm install (e.g., @anthropic-ai/claude-agent-sdk, zod) and using npx for external MCP servers. Because installation/runtime of those packages is left to the user, there's no direct install-time download risk from the skill bundle itself — but using the templates will pull external packages and may run npx commands, so review any commands before running.
Credentials
The docs and examples reference environment variables and secrets (e.g., export ANTHROPIC_API_KEY, process.env.NODE_ENV, ALLOWED_PATHS for stdio MCP servers, web service Authorization headers), but the skill metadata lists no required env vars or primary credential. For an agent SDK, requesting an API key to call Anthropic is normal — but the omission in metadata is a discrepancy. Also, examples show sending logs/external telemetry and saving sessions to a DB (which would need DB credentials); those uses are plausible, but the skill should explicitly declare sensitive env requirements.
Persistence & Privilege
always:false (no forced global inclusion) and user-invocable:true — normal. The skill contains session management code (start/resume/fork) and templates that persist or export session IDs and even store sessions in a DB; that is expected for an SDK but increases lifetime of state if you adopt those templates. Also, SKILL.md documents a 'bypassPermissions' mode and patterns that could allow broad actions if enabled — exercise caution when enabling such modes or allowing autonomous invocation with broad tool access.
Scan Findings in Context
[system-prompt-override] expected: The SKILL.md discusses systemPrompt configuration and presets (used to set agent/system prompts), which explains the scanner match. However, any content that demonstrates or encourages overriding system prompts is a prompt-injection vector — acceptable in SDK docs but something to be careful with when using project-provided CLAUDE.md or copied prompts from untrusted sources.
What to consider before installing
This package looks like a legitimate Claude agent SDK: it contains a full API reference and many useful templates. However, review these items before installing or running templates:
1) Metadata omission: README tells you to export ANTHROPIC_API_KEY but the skill metadata doesn't declare it — expect to provide that secret to actually call Anthropic.
2) Powerful capabilities: templates let agents run Bash, read/write files, and call external MCP servers (HTTP or npx stdio). Only run templates in a sandbox or CI container you control, and prefer 'default' permissionMode with a strict canUseTool callback.
3) Remote endpoints and logging: examples include remote URLs and comments about sending logs externally — audit any endpoints and remove telemetry you don't trust.
4) Prompt-injection risk: SKILL.md contains systemPrompt configuration examples (expected), but be careful copying project CLAUDE.md/system prompts from untrusted repos.
5) Verify source and repository: the skill lists an external repo in plugin.json but 'Source' is unknown — prefer skills with known, trusted authors.
If you want to proceed: run templates in an isolated environment, do not enable bypassPermissions, implement canUseTool to block destructive commands and sensitive paths, and explicitly supply only the minimal env vars (Anthropic key) required. If you want, I can list the exact files and code snippets that access files, env vars, or external URLs so you can audit them before use.
Like a lobster shell, security has layers — review code before you run it.
latest vk97fdmfapc5gkbj41xsdbtgh59808897
