ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Strands Agents SDK

v2.0.3

Build and run Python-based AI agents using the AWS Strands SDK. Use when you need to create autonomous agents, multi-agent workflows, custom tools, or integrate with MCP servers. Supports Ollama (local), Anthropic, OpenAI, Bedrock, and other model providers. Use for agent scaffolding, tool creation, and running agent tasks programmatically.

0· 1.7k·0 current·0 all-time
by@trippingkelsea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is an SDK for building Python agents and the included scripts, cheatsheet, and examples are consistent with that purpose. However, the registry metadata declares no required environment variables or packages while the SKILL.md and code clearly rely on many optional dependencies and provider credentials (AWS Bedrock as default, Anthropic, OpenAI, Mistral, strands_tools, etc.). The absence of these expected requirements in the manifest is an incoherence worth noting.
!
Instruction Scope
The SKILL.md and scaffold templates instruct creation of tools that can read arbitrary filesystem paths and run arbitrary shell commands (see run_command using subprocess.run(shell=True)). That behavior aligns with an agent SDK (agents often need tooling), but it grants powerful local capabilities. The instructions also default to Bedrock (AWS) and document usage of MCP transports and network endpoints. The SKILL.md does not limit or caution about these powerful tool defaults in the manifest, giving the agent broad discretion to access local files, execute commands, and call external services.
Install Mechanism
There is no automated install spec in the registry entry (instruction-only), which reduces the risk of hidden downloads. The SKILL.md recommends installing packages via pipx/pip (strands-agents, strands-agents-tools), which is expected for this SDK. Because there is no forced download/extract step in the skill manifest, nothing in the registry will write arbitrary archives during install — but installing the recommended Python packages is required to use many features.
!
Credentials
The registry metadata declares no required environment variables, yet SKILL.md and templates clearly reference several provider credentials and env vars: AWS credentials (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY and optional AWS_REGION) for Bedrock/SageMaker/S3, ANTHROPIC_API_KEY, OPENAI_API_KEY, MISTRAL_API_KEY, STRANDS_MCP_TIMEOUT, and others. This mismatch means the skill's manifest understates the secret/credential access the code will need and could request at runtime.
Persistence & Privilege
The skill does not request always: true and does not declare system-wide config paths. It is user-invocable and allows autonomous model invocation (default), which is normal for skills. The provided scripts generate project files and can enable hot-reload of ./tools/ (Agent(load_tools_from_directory=True)), but they do not claim to modify other skills or global agent settings.
What to consider before installing
This SDK appears to be what it claims (a Strands agent SDK) but has a few important mismatches you should consider before installing: - Verify source and integrity: the manifest points at a GitHub homepage; confirm the upstream repo, release tag, and checksum for the Python packages (strands-agents, strands-agents-tools, strands-agents-builder) before pip installing. - Credentials are required but not declared: the skill will behave as if it needs AWS credentials (Bedrock/S3), ANTHROPIC_API_KEY, OPENAI_API_KEY, and other provider keys. Do not supply broad/long-lived AWS keys; prefer least-privilege or temporary credentials and explicit provider selection (pass model= to avoid implicit Bedrock usage). - Generated scaffolds include powerful tools by default: the example agent templates include tools to read/write arbitrary files and run shell commands (subprocess.run with shell=True). If you run generated agents, either remove or sandbox these tools (or restrict their allowed paths/commands) to prevent accidental data leakage or command execution. - Run in an isolated environment: test in a sandboxed VM/container without sensitive credentials mounted, or with limited-role AWS credentials, before using on a production machine. - Audit generated code: review the files produced by create-agent.py and any third-party packages it installs (strands-tools, strands-agents) for unexpected network endpoints or hidden behaviors. Pay attention to MCP examples that spawn external commands or connect to arbitrary endpoints. If you need a conservative setup: explicitly specify a local provider (Ollama) or a provider you control, remove the run_command/file_read/file_write tools from the default toolset, and only add provider credentials when necessary. If you want more assurance, request an upstream signed release or a reproducible package build before trusting it with secrets or broad system access.

Like a lobster shell, security has layers — review code before you run it.

agentsvk979417e6tjjj0my6h846t9kx580kdf0aivk979417e6tjjj0my6h846t9kx580kdf0awsvk979417e6tjjj0my6h846t9kx580kdf0latestvk975vs94w1bg7f4rhvm5czseas80j114pythonvk979417e6tjjj0my6h846t9kx580kdf0sdkvk979417e6tjjj0my6h846t9kx580kdf0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧬 Clawdis
Binspython3

Comments