Integrate OpenAI Agents SDK with You.com MCP server

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent setup guide for connecting OpenAI Agents SDK to You.com MCP, with expected but noteworthy API-key use, external MCP calls, package installs, and a no-approval tool setting.

This skill looks appropriate for developers who want an OpenAI Agents SDK and You.com MCP integration. Before installing or using it, review the generated code, decide whether remote tool calls should require approval, pin package versions if needed, and only use API keys and prompts you are comfortable sending through the relevant OpenAI and You.com services.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The generated agent may contact You.com tools without asking each time, which can send queries externally and consume API usage.

Why it was flagged

The Hosted MCP template configures You.com MCP tool calls without per-call approval. This is consistent with an integration template, but users should know the generated agent may call the remote MCP tool automatically during runs.

Skill content

"require_approval": "never"

Recommendation

If you want manual review of remote tool calls, change the approval setting before running the generated code.

What this means

Generated code will use your OpenAI and You.com accounts and may incur usage or billing according to those services.

Why it was flagged

The skill requires service credentials from the environment. These credentials are purpose-aligned for the OpenAI/You.com integration, and the artifact does not show hardcoding or logging of secrets.

Skill content

* `YDC_API_KEY` (You.com API key for Bearer token)
* `OPENAI_API_KEY` (OpenAI API key)

Recommendation

Use least-privilege API keys where available, keep them in environment variables, and avoid pasting secrets into source files or chats.

What this means

You may install the latest package version rather than a reviewed or reproducible version.

Why it was flagged

The skill instructs users to install external SDK packages without pinning versions. This is normal for a setup guide, but it leaves package version selection to the user's environment.

Skill content

* Python: `pip install openai-agents`
* TypeScript: `npm install @openai/agents`

Recommendation

Install from trusted package registries and pin versions in production projects.

What this means

Queries handled through the generated agent may be sent to You.com MCP, and in hosted mode the configuration is used through OpenAI-managed infrastructure.

Why it was flagged

The generated MCP configuration sends authenticated requests to You.com's MCP endpoint. The destination and bearer-token use are disclosed and purpose-aligned.

Skill content

"server_url": "https://api.you.com/mcp",
"headers": { "Authorization": f"Bearer {ydc_api_key}" }

Recommendation

Do not send sensitive prompts or data unless you are comfortable with the OpenAI and You.com service boundaries and policies.