ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Strands

v1.0.0

Build and run Python-based AI agents using the AWS Strands SDK. Use when you need to create autonomous agents, multi-agent workflows, custom tools, or integrate with MCP servers. Supports Ollama (local), Anthropic, OpenAI, Bedrock, and other model providers. Use for agent scaffolding, tool creation, and running agent tasks programmatically.

0· 1.4k·0 current·0 all-time
by@trippingkelsea·duplicate of @trippingkelsea/strands
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (Strands SDK for building Python agents) matches the included instructions and example code. The SDK legitimately needs model provider credentials (Bedrock/AWS, Anthropic, OpenAI, etc.) and exposes tools for file I/O and shell execution — these are coherent with an agent framework. However the registry metadata lists no required env vars or primary credential while the SKILL.md and templates clearly reference multiple provider credentials and AWS profiles, which is an inconsistency to be aware of.
!
Instruction Scope
The runtime instructions and provided templates explicitly enable reading/writing arbitrary files and running shell commands (the scaffolded agent includes read_file/write_file/run_command, with run_command using subprocess.run(..., shell=True)). run-agent loads an arbitrary Python agent file via importlib and executes it, so installing/using this skill can cause execution of arbitrary code from scaffolded or user-supplied agent files. Hot-reload of ./tools/ is supported (Agent(load_tools_from_directory=True)), which can further lead to code being executed when files change. These behaviors are expected for an agent SDK but constitute significant privileges and should be restricted to trusted environments.
Install Mechanism
This is instruction-only with no install spec and requires python3. No remote download/install steps are declared in the skill package itself — lower installation risk. The SKILL.md suggests pip or pipx for installing the Strands packages, which is expected and standard.
!
Credentials
The registry shows 'Required env vars: none', but SKILL.md and cheatsheet document multiple provider credentials (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY for Bedrock/SageMaker, ANTHROPIC_API_KEY, OPENAI_API_KEY, MISTRAL_API_KEY, STRANDS_MCP_TIMEOUT, etc.). Bedrock is the default when Agent() is created with no model and thus will attempt to use AWS credentials if present. Requesting broad cloud credentials (AWS) and multiple API keys is proportionate for a multi-provider agent SDK, but the metadata mismatch is misleading and the presence of AWS credentials in a default code path increases risk — those are high‑value secrets and should be scoped/segregated.
Persistence & Privilege
always:false and no system-wide config modifications are declared (good). However the skill's templates write files (create-agent scaffolds a project) and run-agent executes code from agent files, so installed/generated agents can persist code to disk and execute it later. Autonomous invocation is allowed (platform default) — combine that with the SDK's powerful tools (shell, file I/O, MCP clients) and the blast radius increases if used autonomously or with broad credentials.
What to consider before installing
This skill is largely coherent with its stated purpose (a Strands SDK), but pay attention to three things before installing or running it: 1) Metadata mismatch — the registry claims no required env vars but the docs/examples require AWS credentials and several provider API keys; treat that as a red flag and verify which keys you supply. 2) Powerful default tools — the scaffolded agent includes file read/write and run_command (subprocess with shell=True). Remove or tightly restrict these tools unless you trust the agent code and execution environment. 3) Code execution surface — run-agent imports and executes arbitrary agent Python files and the SDK supports hot-reloading tools directories; only load agents and tools from trusted sources and consider running them in an isolated container, VM, or least‑privileged account. Operational suggestions: use a dedicated, limited-privilege AWS account/role for Bedrock access (or avoid Agent() default Bedrock by always passing model=), avoid placing real production secrets in environment variables used by this skill, audit and remove the run_command tool if you don't need shell access, and review any scaffolded code before running. If you need higher confidence, request the skill author/publisher identity or prefer an official release from the upstream repo (https://github.com/strands-agents/sdk-python) and validate versions and checksums.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ba4snf55x2ma4p0wvxtg37580jdfw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧬 Clawdis
Binspython3

Comments