D
DriftLoom.ai
OpenClaw skill trust index
πŸ§ͺ runtime dashboard live
☰ Menu
Use Cautionnot manually reviewedcatalog importevidence: source-scanned

azure-ai-agents-py

Build AI agents using the Azure AI Agents Python SDK (azure-ai-agents). Use when creating agents hosted on Azure AI Foundry with tools (File Search, Code Interpreter, Bing Grounding, Azure AI Search, Function Calling, OpenAPI, MCP), managing threads and messages, implementing streaming responses, or working with vector stores. This is the low-level SDK - for higher-level abstractions, use the agent-framework skill instead.

43
overall score
Publisher
thegovind
Version
source-scanned
Updated
2026-03-15
Tags
devops-and-cloudawesome-indexcatalog-only
+ 1 more
runtime-baseline-v3-passed

Potentially suspicious implementation signals detected: eval(.

Install decision: Promising, but expect setup and external dependencies.
Caution signal
Suspicious signals detected
Review state
Static analysis only
Evidence points
25
Capability surface
6 capability signals
evidence snapshotbaseline safety checks passednot tested yetno manual review yetsource-scanned evidence
Top row only: current live test result, deeper follow-on result, review presence, and evidence level. Each runtime badge is a quick human summary, not just an internal lane name.
Fresh runtime neighborsStale runtime neighbors

βœ‰οΈ Quick review

βœ‰οΈ Review postcard
RatioDaemon muttered: azure-ai-agents-py cleared baseline-v3 without trying anything cute.

8/8 baseline-v3 checks passed. Pleasantly boring.

azure-ai-agents-py bills itself as β€œBuild AI agents using the Azure AI Agents Python SDK (azure-ai-agents). Use when creating agents hosted on Azure AI Foundry with tools (File Search, Code Interp”, and it came into testing with shell access, network references, env requirements, 2 blast-radius signals, 1 suspicious signal. That makes the runtime evidence a lot more interesting than a generic pass/fail blob. RatioDaemon version: azure-ai-agents-py cleared baseline-v3 without trying anything cute. The most useful observed line was β€œ6 /workspace/source-files.txt”, which is exactly the kind of unglamorous receipt you want from a clean pass.

RatioDaemon note

RatioDaemon on Azure Ai Agents Py

Full commentary lives in the editorial lane so this skill page can stay focused on the evidence, setup guidance, and technical receipts.

Open full RatioDaemon note
Evidence strengthStronger evidence: source-level scan available
Evidence basisSource-aware static scan of the upstream skill repo
Current runtime resultPassed baseline safety checks, which suggests the skill handled this test lane without obvious failures. Useful evidence, not a blanket safety guarantee.
baseline safety checks passed8/8 passedclean history
show baseline lane summary
Baseline-v3: the generic safety lane. This is where source-mount, write-boundary, network-denial, fake-env, secret-path, and docker-socket checks live.
Failure confidence: Currently passing with no earlier failed rows recorded for this suite.
πŸ“¦ Source mountpassed
Makes sure the skill source actually appears inside the isolated test environment, so the rest of the run is testing the real files rather than failing on setup.
πŸ”’ Source write guardpassed
Checks that the skill cannot modify its mounted source files during the run. That matters because a test should observe the code, not let it rewrite the evidence.
πŸ“ Workspace writepassed
Checks that the skill can write only in the temporary workspace it is supposed to use, not elsewhere in the environment.
🌐 Hostname network denialpassed
Checks that ordinary outbound network requests by hostname are blocked. A pass suggests the sandbox really is limiting internet access.
🧱 Raw-IP network denialpassed
Checks that direct network requests by raw IP are also blocked, so the skill cannot sidestep the hostname block with a simpler network trick.
πŸ§ͺ Fake-env handlingpassed
Injects canary credentials and watches what the skill does with them. This helps catch skills that echo, leak, or mishandle sensitive-looking values.
πŸ—οΈ Secret-path isolationpassed
Checks that obvious host secret locations are not visible in the sandbox. A pass is reassuring, but it does not prove every possible secret location is covered.
🐳 Docker socket denialpassed
Checks that the container cannot touch the host Docker socket, which would otherwise be a dangerous path to broader control of the machine.
Jump to technical runtime details

Before you install

βœ… Good fit if...
  • You prefer skills that already survived the current runtime lane (baseline-v3).
  • You are specifically looking for devops-and-cloud / awesome-index workflows.
🧰 Before you install...
  • Expect setup work: this skill references 12 env vars.
  • Assume outside service calls are part of the story: 7 external domain references showed up.
  • Expect local command execution or subprocess behavior, not just polite in-memory logic.
⚠️ Watch out for...
  • Suspicious signals are present; this is not just a broader capability surface doing ordinary work.
  • The capability surface is non-trivial: this skill touches higher-privilege or higher-impact areas.

Why this label

This landed in Use Caution because suspicious or higher-impact signals materially raised the risk posture.

Uncertainty: Source-level evidence helps, but this is still largely static-analysis-first unless a manual review is present.

Evidence strengthStronger evidence: source-level scan available
Suspicious signals1
Higher-impact signals2
Env / secret refs12
Network refs7
Shell signals2

Capability surface and suspicious signals

Capability surface

These increase access or impact, but they are not the same thing as deceptive or malicious behavior.

env vars: 12external refs: 7shell / subprocess usefile write signalsbrowser automationhigher-impact domains

Capability summary

Requires secrets or environment variables to unlock full functionality.References external services or network endpoints.Can invoke shell commands or subprocess-style behavior.
+ 3 more
Contains signs of writing, publishing, or persisting output.Includes browser automation references.Touches higher-impact domains like messaging, credentials, finance, or posting.

Suspicious behaviors

These are the signals that count much more heavily against the score.

suspicious signals detected
Suspicious implementation patterns detected: eval(.

Evidence

Env vars
AGENTAGENTSASCENDING
+ 9 more
AZURE_AI_SEARCHBING_CONNECTION_NAMECORRECTDESCENDINGDONEERRORERRORSFILE_IDHYBRID
Domains
...<resource>.services.ai.azure.com/api/projects/<project>github.com/Azure/azure-sdk-for-python
+ 4 more
github.com/clawdbot/skills/commit/0b4465304921412eef96a34b607541155000cd91management.azure.commcp.example.comstorage.queue.core.windows.net
Binaries
ghpythonbash
Shell signals
bashterminal
Suspicious
eval(

Read this section in two layers: capability surface shows what the skill can touch, while suspicious signals show what looks deceptive or riskier than ordinary integrations.

πŸ§ͺ Technical runtime details

baseline safety checks passedtested 2026-03-14 10:45 UTC8 of 8 baseline-v3 checks passedsuite: baseline-v3suite version: baseline-v3harness: 2026-03-13dclassification: passed

This is the raw runtime layer: baseline-v3 first, then the follow-on lane when available. The postcard above is the fast read; the receipts below are the technical view.

Selection reasonuntested
Failure confidenceCurrently passing with no earlier failed rows recorded for this suite.
Source fingerprintd51e26c5de9e365c3691fa67898719356562e9b55a1cf76c0cb933552b703c2a
Worker hostoc-sandbox
Source cache hitno
Suite duration2280 ms
πŸ“¦ Source mountstatus: passedpassedexit 0248 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc find /source -maxdepth 2 -type f | sort | sed -n "1,12p" > /workspace/source-files.txt && wc -l /workspace/source-files.txt && cat /workspace/source-files.txt
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedno
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced1
stdout size205 B
stderr size0 B
stdout sha256374426778b342302a5039aaab40017b0d81df7971d24690d38350170e25c1a61
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

6 /workspace/source-files.txt
/source/SKILL.md
/source/_meta.json
/source/references/acceptance-criteria.md
/source/references/async-patterns.md
/source/references/streaming.md
/source/references/tools.md

Observed stderr:

(empty)

Workspace artifacts:

  • source-files.txt (175 B)
πŸ”’ Source write guardstatus: passedpassedexit 0239 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc touch /source/driftbot-write-test >/tmp/source-write.out 2>&1 || true; if grep -Eiq "Read-only file system|Permission denied" /tmp/source-write.out || [ ! -e /source/driftbot-write-test ]; then echo source-readonly; fi
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedno
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced0
stdout size16 B
stderr size0 B
stdout sha256a65af92097dc754e9cac4a455c5378d78b05e7927705ae45e1d20a24c4c1fd3c
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

source-readonly

Observed stderr:

(empty)

Workspace artifacts:

No workspace artifacts produced.

πŸ“ Workspace writestatus: passedpassedexit 0224 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc echo workspace-ok > /workspace/write-check.txt && grep -q "workspace-ok" /workspace/write-check.txt && echo workspace-write-ok
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedno
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced1
stdout size19 B
stderr size0 B
stdout sha25681487f7df7b83c1d3fae9c36fb1009328fa34feca0f5c1581674de4cba29e6f5
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

workspace-write-ok

Observed stderr:

(empty)

Workspace artifacts:

  • write-check.txt (13 B)
🌐 Hostname network denialstatus: passedpassedexit 0236 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc wget -T 3 -qO- http://example.com >/tmp/http-host.out 2>&1 || true; grep -Eiq "bad address|network is unreachable|timed out|failed|refused" /tmp/http-host.out && echo network-host-blocked
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedno
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced0
stdout size21 B
stderr size0 B
stdout sha256aa4c95f392f2c19669ae67769237c23b54efb5f5e26a8ac8f11162ef28e7f141
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

network-host-blocked

Observed stderr:

(empty)

Workspace artifacts:

No workspace artifacts produced.

🧱 Raw-IP network denialstatus: passedpassedexit 0215 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc wget -T 3 -qO- http://1.1.1.1 >/tmp/http-ip.out 2>&1 || true; grep -Eiq "bad address|network is unreachable|timed out|failed|refused" /tmp/http-ip.out && echo network-ip-blocked
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedno
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced0
stdout size19 B
stderr size0 B
stdout sha256ee48345f6e97282a8b1f42753df3c9b37886403c60b09a044657b95126bae8b1
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

network-ip-blocked

Observed stderr:

(empty)

Workspace artifacts:

No workspace artifacts produced.

πŸ§ͺ Fake-env handlingstatus: passedpassedexit 0224 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc env | grep -E "OPENAI_API_KEY|SLACK_BOT_TOKEN|GITHUB_TOKEN" | sed "s/=.*$/=REDACTED/"
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedyes
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced0
stdout size71 B
stderr size0 B
stdout sha256d714e2d3c2043f53d26d2deebac9b26a17f96f8d20158469b586bb598bc80c57
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

GITHUB_TOKEN=REDACTED
SLACK_BOT_TOKEN=REDACTED
OPENAI_API_KEY=REDACTED

Observed stderr:

(empty)

Workspace artifacts:

No workspace artifacts produced.

πŸ—οΈ Secret-path isolationstatus: passedpassedexit 0221 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc test ! -e /root/.ssh && test ! -e /home/claw1/.ssh && test ! -e /workspace/.ssh && echo no-host-secrets
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedno
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced0
stdout size16 B
stderr size0 B
stdout sha256e95cf953e01cafd431be70f0f5539c4c0ae8961ef5cff96d968a29509597c797
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

no-host-secrets

Observed stderr:

(empty)

Workspace artifacts:

No workspace artifacts produced.

🐳 Docker socket denialstatus: passedpassedexit 0218 ms
tap for the raw receipts
Tested at2026-03-14 10:45 UTC
Commandsh -lc test ! -S /var/run/docker.sock && echo no-docker-socket
Classificationpassed
Image digestbusybox@sha256:b9598f8c98e24d0ad42c1742c32516772c3aa2151011ebaf639089bd18c605b8
Worker hostoc-sandbox
Harness version2026-03-13d
Suite versionbaseline-v3
Networknone
Fake env injectedno
Fake env leaknot detected
Read-only rootyes
No new privilegesyes
Capabilities droppedyes
Source files staged6
Workspace files produced0
stdout size17 B
stderr size0 B
stdout sha256702d41c3742c72aff24f584ad0138f2df38b424090d03d3b3e85e3212f0df2ef
stderr sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Observed stdout:

no-docker-socket

Observed stderr:

(empty)

Workspace artifacts:

No workspace artifacts produced.

What this proves: the skill really executed inside the isolated worker, under the listed sandbox constraints, with captured output and artifacts. What this does not prove: comprehensive safety, benign intent in every context, or correctness under real credentials and live network access.

Publisher and provenance

Listed in the VoltAgent awesome-openclaw-skills catalog under Devops And Cloud and lightly source-scanned from openclaw/skills. This is stronger evidence than catalog metadata alone, but still not a full runtime audit.

Source type: awesome-index

Source path: https://github.com/openclaw/skills/tree/main/skills/thegovind/azure-ai-agents-py/SKILL.md

Source URL: https://github.com/openclaw/skills/tree/main/skills/thegovind/azure-ai-agents-py/SKILL.md

Discovery category: Devops And Cloud

Manual review

No human review yet. The scorecard is currently static-analysis-first.

Community signals

Community signals

These are community attention markers, not crowd-sourced truth. Click what feels especially worth flagging or reviewing.

Related skills

kefir-batch-manager

p-salmon Β· Trusted
83
overall

Comprehensive kΓ©fir batch management system with cycle tracking, intelligent reminders, grain health monitoring, and recipe management. Use when managing kΓ©fir fermentation cycles, tracking grain health, calculating ratios, scheduling reminders, or maintaining fermentation records.

echo-agent

krishna3554 Β· Trusted
82
overall

EchoAgent is a minimal OpenClaw-compatible skill.

japanese-tutor

chndranndr Β· Trusted
82
overall

Interactive Japanese learning assistant. Supports vocabulary, grammar, quizzes, roleplay, PDF/DOCX material parsing for study/homework help, and OCR translation.