OpenAI Agent SDK
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly a coherent OpenAI Agents SDK guide, but one included example uses unsafe Python eval in an agent tool that could execute arbitrary code if run or copied.
Review the examples before running them. In particular, replace the eval-based calculator tool with a safe implementation, set API keys only through secure local configuration, pin dependencies for real projects, and be mindful of what conversation data sessions retain.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted calculator input could potentially read files, run commands, or otherwise act with the permissions of the local Python process.
The agent-exposed calculator tool evaluates an expression with Python eval. Because the expression can be supplied through a model/tool call path, running or reusing this example could execute arbitrary Python code rather than only math.
@function_tool
def calculate(expression: Annotated[str, "数学表达式"]) -> float:
    ...
    result = eval(expression)

Do not run or copy this calculator tool as written. Replace eval with a safe math parser, an operator allowlist, or a sandboxed evaluator before using it.
Future package versions could behave differently from what the examples assume.
The package installation is purpose-aligned and user-directed, but the dependency is not pinned to an exact reviewed version.
packages:
  - "openai-agents>=0.1.0"
...
pip install openai-agents
uv add openai-agents
Install from the official package source and pin a known-good version in real projects.
Anyone who obtains the key could use the associated provider account and incur costs or access available API resources.
The skill tells users to configure an OpenAI API key, which is expected for OpenAI Agents SDK use but still grants account-level API access.
export OPENAI_API_KEY="sk-your-api-key-here"
Store the key securely, do not commit it to code, scope it where possible, and rotate it if exposed.
Sensitive information from earlier turns may be reused in later interactions if sessions are enabled or persisted.
The skill documents session-based conversation history, which is a normal SDK feature but means prior context can influence later runs.
session = Session()
result1 = await Runner.run(agent, "问题1", session=session)
result2 = await Runner.run(agent, "问题2", session=session)  # remembers the context of question 1
Avoid putting secrets into agent sessions, configure retention deliberately, and clear session history when it is no longer needed.
