ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pydantic Ai Model Integration

v1.0.0

Configure LLM providers, use fallback models, handle streaming, and manage model settings in PydanticAI. Use when selecting models, implementing resilience,...

0· 73·1 current·1 all-time
byKevin Anderson@anderskev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (PydanticAI model integration, fallback models, streaming, settings) matches the SKILL.md content: examples show configuring models, streaming, fallbacks, and usage limits. There is no unrelated functionality in the instructions.
Instruction Scope
Instructions are focused on using the pydantic_ai library (Agent, ModelSettings, FallbackModel, streaming). They reference reading environment variables (os.getenv) and model-validation behavior that 'checks env vars' but do not instruct the agent to read arbitrary files or exfiltrate data. The guidance to supply api_key parameters or rely on provider env vars means runtime code will access secrets if present.
Install Mechanism
No install spec and no code files are included (instruction-only). This is low risk from installation perspective — nothing is downloaded or written to disk by the skill itself.
!
Credentials
The SKILL.md explicitly references provider API keys and env vars (OPENAI_API_KEY, ANTHROPIC_API_KEY, os.getenv('PYDANTIC_AI_MODEL')), and says model validation 'checks env vars', but the skill metadata declares no required environment variables or primary credential. That mismatch means the skill may expect sensitive keys at runtime even though none are declared — users could unintentionally expose API keys to code running under the Agent when using this skill.
Persistence & Privilege
always is false and there is no install-time behavior or requests for permanent presence. The skill does not request elevated agent-wide privileges or modify other skills/configurations.
What to consider before installing
This is an instruction-only guide that appears to be legitimate usage examples for pydantic_ai, but it references provider API keys and environment-based model validation while the skill metadata lists no required env vars and the source is unknown. Before installing: (1) confirm this skill's origin and that you trust the publisher; (2) expect the runtime library to read environment variables like OPENAI_API_KEY, ANTHROPIC_API_KEY, or a PYDANTIC_AI_MODEL value — do not place secrets in the environment unless you intend the agent to use them; (3) run in an isolated environment or test account if you want to try it; (4) if possible, inspect the actual pydantic_ai package/version you will use (this skill provides examples but no code) to ensure behavior matches your expectations; (5) if you need the skill to declare required credentials explicitly, ask the publisher to update metadata to list the env vars the examples reference.

Like a lobster shell, security has layers — review code before you run it.

latestvk9785s17he8fsj8pzrs1wqf029839320

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments