agentica-sdk

https://raw.githubusercontent.com/parcadei/continuous-claude-v3/main/.claude/skills/agentica-sdk/SKILL.md

github.com/parcadei/continuous-claude-v3

Scanned Thu, 28 May 2026 17:41:25 GMT

Scan ID crawl-aj1k22d4ewplcputhtol4tky · 1ms

SCORE 55 / 100

Verdict: Proceed with caution

22 medium findings.

This skill spawns subprocesses outside its declared capabilities plus 21 other issues listed below.

0 critical0 high22 medium-10 rules passed

Why grade C?

score · 55 / 100

The current grade reflects 22 medium findings (6+ MEDs → C).

0 CRIT0 HIGH22 MED0 LOW

To reach a higher grade

B
Reach Btarget score 75
Resolve 17 of 22 MED (cap is 5).
A
Reach Atarget score 95
Resolve 20 of 22 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 3CWE-78

▾

1---

2name: agentica-sdk

3description: Build Python agents with Agentica SDK - @agentic decorator, spawn(), persistence, MCP integration← spawns a subprocess outside declared capabilities

4allowed-tools: [Bash, Read, Write, Edit]

5---

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 40CWE-78

▾

38from agentica import spawn

40agent = await spawn(premise="You are a truth-teller.")← spawns a subprocess outside declared capabilities

41result: bool = await agent.call(bool, "The Earth is flat")

42# Returns: False

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 65CWE-78

▾

63```python

64# Premise: adds to default system prompt

65agent = await spawn(premise="You are a math expert.")← spawns a subprocess outside declared capabilities

67# System: full control (replaces default)

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 68CWE-78

▾

67# System: full control (replaces default)

68agent = await spawn(system="You are a JSON-only responder.")← spawns a subprocess outside declared capabilities

69```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 83CWE-78

▾

82# In spawn

83agent = await spawn(← spawns a subprocess outside declared capabilities

84 premise="Data analyzer",

85 scope={"analyze": custom_analyzer}

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 116CWE-78

▾

114## Agent Instantiation

115

116### spawn() - Async (most cases)← spawns a subprocess outside declared capabilities

117

118```python

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 119CWE-78

▾

117

118```python

119agent = await spawn(premise="Helpful assistant")← spawns a subprocess outside declared capabilities

120```

121

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 129CWE-78

▾

127class CustomAgent:

128 def __init__(self):

129 # Synchronous - use Agent() not spawn()← spawns a subprocess outside declared capabilities

130 self._brain = Agent(

131 premise="Specialized assistant",

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 143CWE-78

▾

141```python

142# In spawn

143agent = await spawn(← spawns a subprocess outside declared capabilities

144 premise="Fast responses",

145 model="openai:gpt-5" # Default: openai:gpt-4.1

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 173CWE-78

▾

171```

172

173For `spawn()` agents, state is automatic across calls to the same instance.← spawns a subprocess outside declared capabilities

174

175## Token Limits

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 181CWE-78

▾

179

180# Simple limit

181agent = await spawn(← spawns a subprocess outside declared capabilities

182 premise="Brief responses",

183 max_tokens=500

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 187CWE-78

▾

185

186# Fine-grained control

187agent = await spawn(← spawns a subprocess outside declared capabilities

188 premise="Controlled output",

189 max_tokens=MaxTokens(

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 202CWE-78

▾

200from agentica import spawn, last_usage, total_usage

201

202agent = await spawn(premise="You are helpful.")← spawns a subprocess outside declared capabilities

203await agent.call(str, "Hello!")

204

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 228CWE-78

▾

226import asyncio

227

228agent = await spawn(premise="You are helpful.")← spawns a subprocess outside declared capabilities

229

230stream = StreamLogger()

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 251CWE-78

▾

249

250# Via config file

251agent = await spawn(← spawns a subprocess outside declared capabilities

252 premise="Tool-using agent",

253 mcp="path/to/mcp_config.json"

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 288CWE-78

▾

286# File only

287with FileLogger():

288 agent = await spawn(premise="Debug agent")← spawns a subprocess outside declared capabilities

289 await agent.call(int, "Calculate")

290

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 293CWE-78

▾

291# Silent

292with NoLogging():

293 agent = await spawn(premise="Silent agent")← spawns a subprocess outside declared capabilities

294```

295

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 307CWE-78

▾

305)

306

307agent = await spawn(← spawns a subprocess outside declared capabilities

308 premise="Custom logging",

309 listener=PrintOnlyListener

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 313CWE-78

▾

311

312# Silent agent

313agent = await spawn(← spawns a subprocess outside declared capabilities

314 premise="Silent agent",

315 listener=NoopListener

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 489CWE-78

▾

487Before using Agentica:

488- [ ] Functions with `@agentic()` MUST be `async`

489- [ ] `spawn()` returns awaitable - use `await spawn(...)`← spawns a subprocess outside declared capabilities

490- [ ] `agent.call()` is awaitable - use `await agent.call(...)`

491- [ ] First arg to `call()` is return type, second is prompt string

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 493CWE-78

▾

491- [ ] First arg to `call()` is return type, second is prompt string

492- [ ] Use `persist=True` for conversation memory in `@agentic`

493- [ ] Use `Agent()` (not `spawn()`) in synchronous `__init__`← spawns a subprocess outside declared capabilities

494- [ ] Document exceptions in docstrings for agent to raise them

495- [ ] Import listeners from `agentica.logging.agent_listener` (NOT `agentica.logging`)

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

Scan another →Share

skillox.io/r/crawl-aj1k22d4ewplcputhtol4tky