Agent Framework Azure Ai Py
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent, documentation-only Azure AI agent-building skill, but users should note that its examples involve Azure credentials, persistent cloud-side threads, hosted code execution, file/search tools, and MCP integrations.
Install only if you intend to build Azure AI Foundry agents. Before running generated code, verify the Azure project and identity being used, pin SDK versions for real projects, avoid sending secrets or private files unless necessary, and configure MCP/file/code tools with least privilege and explicit approval for sensitive actions.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Following the examples may install pre-release SDK code, which can change between builds, into the user's Python environment.
The setup guidance asks users to install a pre-release package; this is purpose-aligned for SDK examples but has greater version/provenance variability than a pinned stable dependency.
pip install agent-framework --pre
Install from trusted package indexes, pin known-good versions for projects, and review release notes before using in production.
If run while logged into Azure, generated code may create agents, upload files, or access Azure AI project resources under that identity.
The examples rely on the user's Azure identity to create and operate Azure AI agents; this is expected for the integration but grants cloud-account authority to the generated code.
credential = AzureCliCredential()
# Production
credential = DefaultAzureCredential()
Use a least-privileged Azure identity and project, confirm the target endpoint/model, and avoid hardcoding or over-scoping credentials.
An agent built from these examples could call connected MCP tools automatically, depending on the server's available permissions.
The MCP examples include a mode where tools execute without per-call approval; the behavior is disclosed and related to MCP integration, but it can be risky for sensitive or mutating tools.
approval_mode="never_require", # Don't ask for approval
Use allowed_tools filters and require approval for sensitive, mutating, private, or high-impact MCP operations.
Prompts and selected files may be processed by Azure-hosted code execution, producing generated files or analysis results.
The hosted code interpreter is explicitly documented as a tool that lets agents run Python code; this is central to the skill but should be intentionally enabled.
Enables agents to execute Python code on the Azure AI service.
Enable code interpreter only for tasks that need it, review what files are provided, and treat the execution environment as a cloud service boundary.
Sensitive conversation content may persist in Azure-side threads and be reused if thread IDs are saved or shared.
The skill teaches use of server-side conversation persistence, which can retain and reuse prior messages across turns and later resumptions.
`AgentThread` links agent execution to server-side conversation state
Avoid placing unnecessary secrets in threads, protect saved thread IDs, and define retention/cleanup practices for persistent conversations.
Agent prompts, context, and tool arguments may be sent to MCP endpoints, and the endpoint's tools may act with configured credentials.
The MCP guidance connects agents to external or authenticated HTTP-based tool servers; this is expected for MCP but introduces a data and permission boundary.
MCPStreamableHTTPTool(
    name="GitHub MCP",
    url="https://api.github.com/mcp",
    http_client=authenticated_client,
)
Use trusted MCP servers, isolate credentials per service, restrict exposed tools, and require approval for operations that read sensitive data or mutate external systems.
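The two MCP findings above (unattended execution under approval_mode="never_require", and wiring an agent to an authenticated external tool server) reduce to one control: a deny-by-default allowlist plus per-tool approval, with mutating operations never auto-approved. The block below is an added example, not code from the skill, from Microsoft Agent Framework, or from ClawScan. It runs offline and only models the decision that the framework's allowed_tools and approval_mode parameters express; the ToolPolicy class, the MUTATING_PREFIXES heuristic, and the tool names and call list are constructed for illustration, and the kwargs it emits should be checked against the installed SDK version before use.

```python
"""Least-privilege gate for MCP tool calls.

Added example (not from the skill, Microsoft Agent Framework, or ClawScan).
It models the allowed_tools / approval_mode decisions recommended in the
findings so the logic can be exercised offline, without an MCP server.
The tool names, policy and call log below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

DENY, ALLOW, REQUIRE_APPROVAL = "deny", "allow", "require_approval"

# Heuristic (assumption): a name starting with one of these verbs is treated
# as mutating and can never be auto-approved, even if listed as such.
MUTATING_PREFIXES = ("create_", "update_", "delete_", "merge_", "push_", "write_", "run_")


@dataclass(frozen=True)
class ToolPolicy:
    """Deny-by-default policy for one MCP server."""
    allowed_tools: frozenset[str]                 # everything else is dropped
    auto_approve: frozenset[str] = frozenset()    # read-only tools that may run unattended
    always_approve: frozenset[str] = frozenset()  # sensitive reads / mutations gated by a human

    def decide(self, tool_name: str) -> str:
        if tool_name not in self.allowed_tools:
            return DENY                        # never reaches the server
        if tool_name in self.always_approve:
            return REQUIRE_APPROVAL
        if tool_name.startswith(MUTATING_PREFIXES):
            return REQUIRE_APPROVAL            # overrides a mistaken auto_approve entry
        if tool_name in self.auto_approve:
            return ALLOW
        return REQUIRE_APPROVAL                # allowed but unclassified: ask

    def framework_kwargs(self) -> dict:
        """The two parameters the findings name, in their safe form: an explicit
        allowlist and approval required by default. Per-tool relaxation lives in
        decide(), not in approval_mode="never_require"."""
        return {"allowed_tools": sorted(self.allowed_tools),
                "approval_mode": "always_require"}


def review_calls(policy: ToolPolicy, calls: list[str]) -> list[tuple[str, str]]:
    """Apply the policy to a batch of requested tool names."""
    return [(name, policy.decide(name)) for name in calls]


# Constructed policy for a GitHub-style server. push_files is deliberately
# (and wrongly) placed in auto_approve to show the mutation check catching it.
GITHUB_POLICY = ToolPolicy(
    allowed_tools=frozenset({"get_file_contents", "search_code", "list_issues",
                             "create_issue", "get_secret_scanning_alert", "push_files"}),
    auto_approve=frozenset({"get_file_contents", "search_code", "list_issues", "push_files"}),
    always_approve=frozenset({"create_issue", "get_secret_scanning_alert"}),
)

# Constructed sequence of tool calls an agent might emit in one turn.
SAMPLE_CALLS = ["search_code", "get_file_contents", "create_issue",
                "get_secret_scanning_alert", "push_files", "delete_repository"]

if __name__ == "__main__":
    for name, decision in review_calls(GITHUB_POLICY, SAMPLE_CALLS):
        print(f"{name:28s} -> {decision}")
    print(GITHUB_POLICY.framework_kwargs())
```

Run as a script to see the verdicts: the two plain reads are allowed, the issue creation and the secret-scanning read are held for approval, push_files is held despite the mistaken auto_approve entry, and delete_repository is dropped because it was never allowlisted. The point of emitting approval_mode="always_require" from framework_kwargs() is that the relaxed path exists only in application code you can audit, never as a blanket "never_require" handed to the tool.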
