v0.1.5

Python Sdk

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

This is mostly normal Python SDK documentation, but it includes an unsafe example that evaluates agent-provided text as Python code, so it should be reviewed before use.

Guidance: Review this skill before installing if you plan to let the agent run examples. The SDK behavior is mostly expected, but avoid copying the eval() examples, run code in a virtual environment, protect API keys, and upload only files you intend to share with inference.sh or configured webhooks.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High | Confidence: High | Status: Concern
references/tool-builder.md
elif call.name == "calculate":
        result = eval(call.args['expression'])

The tool-handler example evaluates a tool argument as Python code. Tool arguments can be influenced by the agent or the user prompt, and Python's eval() executes any expression it is given, including calls such as __import__('os').system(...), so copying this pattern lets whoever controls the "expression" argument run arbitrary code on the local machine.

User impact: A malicious or malformed prompt could potentially make a calculator-style tool run unintended Python code on the user's machine.
Recommendation: Do not use eval() for calculator tools. Replace it with a safe parser, a restricted math library, or explicit validation and sandboxing.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash(pip install inferencesh), Bash(python *)

The skill permits package installation and broad Python command execution. This is relevant to a Python SDK skill, but it gives the agent a powerful local execution capability.

User impact: If the user allows the agent to run examples, Python code may access local files, environment variables, network resources, or installed packages.
Recommendation: Run examples in a virtual environment, review code before execution, and avoid letting the agent run arbitrary Python commands without confirmation.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
pip install inferencesh

The install guidance uses an unpinned pip package. This is standard for SDK documentation, but package provenance and version changes matter.

User impact: Installing an unpinned package may pull a newer package version than the documentation was written for.
Recommendation: Verify the package name and publisher, and consider pinning a reviewed version in production projects.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
client = inference(api_key=os.environ["INFERENCE_API_KEY"])
Get your API key: Settings → API Keys → Create API Key

The SDK uses an inference.sh API key. This is expected for a cloud SDK, but it grants access to the user's provider account.

User impact: Anyone or any code with the API key may be able to use the user's inference.sh account and consume resources.
Recommendation: Store API keys in environment variables or a secrets manager, use least-privilege keys where available, and avoid printing or committing them.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
references/files.md
Local file paths in input are automatically uploaded:
...
UploadFileOptions(... public=True)

The SDK can upload local files to the provider and can make uploaded files public when configured that way. This is disclosed and purpose-aligned, but it is a sensitive data flow.

User impact: Local files may leave the user's machine, and files marked public may become accessible outside the user's private environment.
Recommendation: Upload only intended files, avoid public uploads unless necessary, and review file paths before running examples.
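Because the SDK uploads any local file path it finds in the input automatically, the practical check is to enumerate those paths before the call is made. The following is an added example, not SDK code: it does not reproduce the SDK's upload call or its UploadFileOptions, and `review_inputs`, the `SECRET_NAMES` list and the constructed sample files are assumptions made for this example. It walks a nested input the way an SDK example would pass it, collects every string that names an existing local file, and refuses files outside an allowed directory, symlinks that escape it, secret-looking filenames, and public uploads that were not explicitly allowed.

```python
"""Pre-flight review of local file paths before an SDK call uploads them.

Added example, not SDK code. `review_inputs` returns what would be uploaded and
what is refused; the caller only passes the approved list on to the SDK.
"""
import os
import tempfile
from pathlib import Path

# Assumed denylist: filenames that should never be sent to a third party.
SECRET_NAMES = {".env", "id_rsa", "id_ed25519", "credentials", ".netrc", ".npmrc"}


def _candidate_paths(value):
    """Yield every string in a nested input that names an existing local file,
    mirroring the documented 'local file paths in input are uploaded' behaviour."""
    if isinstance(value, str):
        if os.path.isfile(value):
            yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _candidate_paths(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _candidate_paths(v)


def review_inputs(inputs, allowed_root, public=False, allow_public=False):
    """Split the files an input would upload into approved and refused sets."""
    root = Path(allowed_root).resolve()
    upload, refused = [], {}
    if public and not allow_public:
        refused["<options>"] = "public upload not allowed"
    for raw in _candidate_paths(inputs):
        given = Path(raw)
        real = given.resolve()  # follows symlinks and collapses '..'
        if given.is_symlink() and root not in real.parents:
            refused[raw] = "symlink escapes allowed root"
        elif root not in real.parents:
            refused[raw] = "outside allowed root"
        elif real.name in SECRET_NAMES:
            refused[raw] = "secret-looking filename"
        else:
            upload.append(str(real))
    return {"upload": upload, "refused": refused}


def _build_sample_tree(base: Path) -> None:
    """Constructed sample files for the demo (not real user data; POSIX symlinks assumed)."""
    (base / "project").mkdir()
    (base / "project" / "image.png").write_bytes(b"\x89PNG sample bytes")
    (base / "project" / ".env").write_text("INFERENCE_API_KEY=example-not-real\n")
    (base / "home_ssh").mkdir()
    (base / "home_ssh" / "id_rsa").write_text("not a real key\n")
    (base / "project" / "link_to_key").symlink_to(base / "home_ssh" / "id_rsa")


def demo() -> dict:
    """Run the review over a constructed input; paths are reported relative to the sandbox."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        _build_sample_tree(base)
        inputs = {  # shaped like an SDK example input; the image is the only intended upload
            "prompt": "describe this image",
            "image": str(base / "project" / "image.png"),
            "extra": [
                str(base / "project" / ".env"),
                str(base / "project" / "link_to_key"),
                str(base / "home_ssh" / "id_rsa"),
            ],
        }
        result = review_inputs(inputs, base / "project", public=True, allow_public=False)

        def rel(p: str) -> str:
            return p if p.startswith("<") else str(Path(p).relative_to(base))

        return {
            "upload": [rel(p) for p in result["upload"]],
            "refused": {rel(k): v for k, v in result["refused"].items()},
        }


if __name__ == "__main__":
    print(demo())
```

Run the review against the exact input dict you are about to pass to the SDK, and pass only `result["upload"]` on; the denylist and allowed root are policy knobs that should match the project, not the defaults above.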
Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
references/sessions.md
**Shared state** - Maintain context, loaded models, cached data

The SDK supports stateful sessions that retain context and cached data between calls. This is a normal documented feature, but persisted state can affect later tasks.

User impact: Data or instructions from one session may influence later work if sessions or saved chat histories are reused.
Recommendation: Use short session timeouts, close sessions when done, and avoid storing sensitive prompts or outputs unless needed.