ClawHub

dive-into-langgraph

v1.0.5

A comprehensive guide and reference for building agents using LangGraph 1.0, including ReAct agents, state graphs, and tool integrations.

1· 402·0 current·0 all-time
byChang Luo@luochang212
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (LangGraph guide, ReAct agents, state graphs, tools) matches the files and examples included. The Python examples and tools are consistent with teaching/demo usage of LangGraph and LangChain.
!
Instruction Scope
SKILL.md instructs users to install many LangGraph/LangChain-related Python packages and to populate a .env with model provider credentials (DASHSCOPE_*, ARK_*). The runtime examples load .env and create LLMs using DASHSCOPE_BASE_URL / DASHSCOPE_API_KEY. This is in-scope for a LangGraph tutorial, but the instructions explicitly require secret API keys and network endpoints — so review before supplying secrets.
Install Mechanism
There is no install spec in the registry (instruction-only), and the SKILL.md shows standard pip installation commands. No downloads from untrusted URLs or archive extraction are present. The dependency list is broad but appropriate for a LangGraph tutorial.
!
Credentials
The skill expects model-provider environment variables (e.g., DASHSCOPE_BASE_URL, DASHSCOPE_API_KEY, ARK_BASE_URL, ARK_API_KEY) and the code reads these via os.getenv. However, the registry metadata lists no required env vars or primary credential — a mismatch. Requesting API keys is reasonable for examples that call external model providers, but the registry should declare this explicitly so users know what secrets will be needed.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not write system-wide configs, and only loads .env (dotenv) for credentials. It does not modify other skills or agent settings. Autonomous invocation (model invocation enabled) is the platform default and not an additional risk here.
What to consider before installing
This skill is a tutorial and includes example code that will call external LLM endpoints. Before installing or running it: 1) Expect to provide model API keys (e.g., DASHSCOPE_*, ARK_*) in a .env — the registry metadata did not declare these, so don't paste secrets unless you're comfortable. 2) Review the included examples and tools (they appear benign; math/safe_eval uses a safe AST evaluator). 3) Run examples in an isolated environment/virtualenv and avoid exposing production credentials. 4) If you plan to allow autonomous agents to use this skill, be cautious: providing long-lived model keys to a skill gives it network access to those services. 5) If anything is unclear, ask the skill author for a clear list of required env vars and for the upstream repository/source (SKILL.md links point to a GitHub repo and online docs — verify those sources).

Like a lobster shell, security has layers — review code before you run it.

latestvk97255dncx0t6p37knqn11809n82e0sj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments