agentica-sdk

github.com/parcadei/continuous-claude-v3
Verdict: Proceed with caution
0 critical0 high22 medium
C
SCORE 55 / 100
$skillox install agentica-sdkSoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.

Why grade C?

score · 55 / 100

The current grade reflects 22 medium findings (6+ MEDs → C).

0 CRIT0 HIGH22 MED0 LOW
To reach a higher grade
  • B
    Reach Btarget score 75

    Resolve 17 of 22 MED (cap is 5).

  • A
    Reach Atarget score 95

    Resolve 20 of 22 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-aj1k22d4ewplcputhtol4tky · Thu, 28 May 2026 17:41:25 GMT · 1ms

med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 3CWE-78
1---
2name: agentica-sdk
3description: Build Python agents with Agentica SDK - @agentic decorator, spawn(), persistence, MCP integrationspawns a subprocess outside declared capabilities
4allowed-tools: [Bash, Read, Write, Edit]
5---
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 40CWE-78
38from agentica import spawn
39
40agent = await spawn(premise="You are a truth-teller.")spawns a subprocess outside declared capabilities
41result: bool = await agent.call(bool, "The Earth is flat")
42# Returns: False
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 65CWE-78
63```python
64# Premise: adds to default system prompt
65agent = await spawn(premise="You are a math expert.")spawns a subprocess outside declared capabilities
66
67# System: full control (replaces default)
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 68CWE-78
66
67# System: full control (replaces default)
68agent = await spawn(system="You are a JSON-only responder.")spawns a subprocess outside declared capabilities
69```
70
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 83CWE-78
81
82# In spawn
83agent = await spawn(spawns a subprocess outside declared capabilities
84 premise="Data analyzer",
85 scope={"analyze": custom_analyzer}
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 116CWE-78
114## Agent Instantiation
115
116### spawn() - Async (most cases)spawns a subprocess outside declared capabilities
117
118```python
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 119CWE-78
117
118```python
119agent = await spawn(premise="Helpful assistant")spawns a subprocess outside declared capabilities
120```
121
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 129CWE-78
127class CustomAgent:
128 def __init__(self):
129 # Synchronous - use Agent() not spawn()spawns a subprocess outside declared capabilities
130 self._brain = Agent(
131 premise="Specialized assistant",
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 143CWE-78
141```python
142# In spawn
143agent = await spawn(spawns a subprocess outside declared capabilities
144 premise="Fast responses",
145 model="openai:gpt-5" # Default: openai:gpt-4.1
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 173CWE-78
171```
172
173For `spawn()` agents, state is automatic across calls to the same instance.spawns a subprocess outside declared capabilities
174
175## Token Limits
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 181CWE-78
179
180# Simple limit
181agent = await spawn(spawns a subprocess outside declared capabilities
182 premise="Brief responses",
183 max_tokens=500
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 187CWE-78
185
186# Fine-grained control
187agent = await spawn(spawns a subprocess outside declared capabilities
188 premise="Controlled output",
189 max_tokens=MaxTokens(
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 202CWE-78
200from agentica import spawn, last_usage, total_usage
201
202agent = await spawn(premise="You are helpful.")spawns a subprocess outside declared capabilities
203await agent.call(str, "Hello!")
204
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 228CWE-78
226import asyncio
227
228agent = await spawn(premise="You are helpful.")spawns a subprocess outside declared capabilities
229
230stream = StreamLogger()
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 251CWE-78
249
250# Via config file
251agent = await spawn(spawns a subprocess outside declared capabilities
252 premise="Tool-using agent",
253 mcp="path/to/mcp_config.json"
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 288CWE-78
286# File only
287with FileLogger():
288 agent = await spawn(premise="Debug agent")spawns a subprocess outside declared capabilities
289 await agent.call(int, "Calculate")
290
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 293CWE-78
291# Silent
292with NoLogging():
293 agent = await spawn(premise="Silent agent")spawns a subprocess outside declared capabilities
294```
295
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 307CWE-78
305)
306
307agent = await spawn(spawns a subprocess outside declared capabilities
308 premise="Custom logging",
309 listener=PrintOnlyListener
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 313CWE-78
311
312# Silent agent
313agent = await spawn(spawns a subprocess outside declared capabilities
314 premise="Silent agent",
315 listener=NoopListener
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 489CWE-78
487Before using Agentica:
488- [ ] Functions with `@agentic()` MUST be `async`
489- [ ] `spawn()` returns awaitable - use `await spawn(...)`spawns a subprocess outside declared capabilities
490- [ ] `agent.call()` is awaitable - use `await agent.call(...)`
491- [ ] First arg to `call()` is return type, second is prompt string
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 493CWE-78
491- [ ] First arg to `call()` is return type, second is prompt string
492- [ ] Use `persist=True` for conversation memory in `@agentic`
493- [ ] Use `Agent()` (not `spawn()`) in synchronous `__init__`spawns a subprocess outside declared capabilities
494- [ ] Document exceptions in docstrings for agent to raise them
495- [ ] Import listeners from `agentica.logging.agent_listener` (NOT `agentica.logging`)
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
View latest scan →
skillox.io/c/agentica-sdk