Strands Agents SDK

Build and run Python-based AI agents using the AWS Strands SDK. Use when you need to create autonomous agents, multi-agent workflows, custom tools, or integrate with MCP servers. Supports Ollama (local), Anthropic, OpenAI, Bedrock, and other model providers. Use for agent scaffolding, tool creation, and running agent tasks programmatically.

This SDK appears to be what it claims (a Strands agent SDK) but has a few important mismatches you should consider before installing: - Verify source and integrity: the manifest points at a GitHub homepage; confirm the upstream repo, release tag, and checksum for the Python packages (strands-agents, strands-agents-tools, strands-agents-builder) before pip installing. - Credentials are required but not declared: the skill will behave as if it needs AWS credentials (Bedrock/S3), ANTHROPIC_API_KEY, OPENAI_API_KEY, and other provider keys. Do not supply broad/long-lived AWS keys; prefer least-privilege or temporary credentials and explicit provider selection (pass model= to avoid implicit Bedrock usage). - Generated scaffolds include powerful tools by default: the example agent templates include tools to read/write arbitrary files and run shell commands (subprocess.run with shell=True). If you run generated agents, either remove or sandbox these tools (or restrict their allowed paths/commands) to prevent accidental data leakage or command execution. - Run in an isolated environment: test in a sandboxed VM/container without sensitive credentials mounted, or with limited-role AWS credentials, before using on a production machine. - Audit generated code: review the files produced by create-agent.py and any third-party packages it installs (strands-tools, strands-agents) for unexpected network endpoints or hidden behaviors. Pay attention to MCP examples that spawn external commands or connect to arbitrary endpoints. If you need a conservative setup: explicitly specify a local provider (Ollama) or a provider you control, remove the run_command/file_read/file_write tools from the default toolset, and only add provider credentials when necessary. If you want more assurance, request an upstream signed release or a reproducible package build before trusting it with secrets or broad system access.

Type: OpenClaw Skill Name: strands Version: 2.0.3 This skill bundle is classified as suspicious due to the inherent high-risk capabilities it provides for AI agents. The `SKILL.md` and `references/cheatsheet.md` openly advertise built-in tools such as `shell`, `http_request`, `file_read`, `file_write`, `python_repl`, and `environment`. Furthermore, the `scripts/create-agent.py` script generates agents that include `run_command` (executing `subprocess.run(command, shell=True)`), `read_file`, and `write_file` tools. While these capabilities are transparently presented as features of an AI agent SDK, they grant extensive access to the host system (file system, shell, network, environment variables), which could be leveraged for data exfiltration, persistence, or arbitrary code execution if the agent or its user has malicious intent. There is no clear evidence of intentional malicious behavior within the skill bundle itself, such as hidden exfiltration targets or obfuscated payloads, but the broad permissions and execution capabilities warrant a 'suspicious' classification.