ClawHub

Azure Identity Py

v0.1.0

Azure Identity SDK for Python authentication. Use for DefaultAzureCredential, managed identity, service principals, and token caching. Triggers: "azure-identity", "DefaultAzureCredential", "authentication", "managed identity", "service principal", "credential".

1· 1.9k·0 current·0 all-time
by@thegovind
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, and instructions match: it's a usage guide for the Azure Identity SDK for Python. The examples and credential types shown are appropriate for that purpose. However, the metadata declares no required environment variables even though the README shows service-principal and managed-identity environment variables (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET).
Instruction Scope
SKILL.md only shows usage examples for DefaultAzureCredential and other Azure credentials and how to call get_token; it does not instruct the agent to read unrelated system files, post tokens to external endpoints, or perform actions outside of authentication usage. Examples reference environment variables (and os.environ) which is expected for this library.
Install Mechanism
This is an instruction-only skill with no install spec or code files. The document tells users to run `pip install azure-identity`, which is normal; nothing in the skill instructs downloading arbitrary or untrusted code.
!
Credentials
The SKILL.md shows and uses sensitive environment variables (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and user-assigned managed identity client IDs) but the skill metadata lists no required env vars or primary credential. That mismatch could lead an unsuspecting user or agent to provide secrets without realizing the skill expects them. The credential usage itself is appropriate for the described purpose, but the metadata omission reduces transparency about sensitive data needs.
Persistence & Privilege
The skill does not request persistent presence (always:false) and contains no instructions to modify other skills or system-wide configurations. Autonomous invocation is allowed by default on the platform but is not combined here with other elevated privileges.
What to consider before installing
This SKILL.md appears to be a straightforward guide for the official azure-identity Python SDK, but the skill metadata does not declare the sensitive environment variables the document uses. Before installing or enabling this skill: 1) Confirm the skill's source/author (no homepage or repository is provided). 2) Only provide AZURE_* credentials when you trust the skill and the runtime environment — avoid pasting secrets into chat. 3) Prefer managed identities in production (avoid long-lived client secrets). 4) Ask the skill author to declare required env vars in metadata so you can make an informed decision. 5) If an agent will run this skill autonomously, be extra cautious because obtained tokens could grant access to Azure resources; restrict the agent's Azure permissions (least privilege) and monitor token use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e3e8ckykhbnav4j33bkbzkd808cty

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments