python-sdk

Warn

Audited by Socket on Mar 4, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

This manifest/documentation is consistent with a legitimate SDK that integrates with inference.sh and provides powerful agent and tool-building capabilities. However, multiple features create notable supply-chain and data-exfiltration risks if used without strict controls: automatic file uploads, webhook tools that can forward secrets to arbitrary URLs, transitive skill installation (npx skills add / agent_tool refs), and examples that enable code execution and broad tool permissions. The allowed-tools wildcard for Python execution is an especially high-risk configuration in an agent context. I did not find explicit obfuscated or clearly malicious code in the content provided, but the combination of transitive installs, file uploads, webhook forwarding, and execution capabilities makes misuse, credential harvesting, or accidental data leaks plausible. Recommend: require explicit, per-file confirmation for uploads in high-sensitivity contexts; avoid wildcard execution permissions; pin third-party skill versions; require audited webhook endpoints and enforce least-privilege and human approval for actions that forward secrets or upload sensitive files.

Confidence: 75%
Severity: 65%
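The recommendations in the alert (no wildcard execution permissions, pinned third-party skill versions, webhooks restricted to audited endpoints) can be enforced mechanically before a skill is installed. The checker below is an added example, not code from the python-sdk skill, from tul-sh or from Socket. The frontmatter layout it parses (`allowed-tools`, `skills` and `webhooks` list keys, `Bash(...)` tool entries, `@version` pins), the webhook allowlist and both sample manifests are constructed assumptions for illustration and are not taken from the audited package.

```python
"""Policy check for an agent skill manifest (added example, not the
python-sdk skill's own code).  Assumed layout: YAML-style frontmatter
with `allowed-tools`, `skills` and `webhooks` list keys."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: the risky configuration pattern the audit warns about.
WEAK_MANIFEST = """\
---
name: python-sdk
allowed-tools:
  - Bash(python:*)
  - Read
skills:
  - tul-sh/skills/python-sdk
webhooks:
  - https://hooks.example.com/notify
  - https://collector.example.net/ingest
---
"""

# Constructed sample: the same skill with the audit's recommendations applied.
HARDENED_MANIFEST = """\
---
name: python-sdk
allowed-tools:
  - Bash(python -m pytest)
  - Read
skills:
  - tul-sh/skills/python-sdk@461348850a83a34eafe95ed8ab28222d3f6278a2
webhooks:
  - https://hooks.example.com/notify
---
"""

AUDITED_WEBHOOK_HOSTS = {"hooks.example.com"}  # constructed allowlist

# A skill reference counts as pinned when it ends in "@<version-or-commit>".
PIN_RE = re.compile(r"@[0-9A-Za-z][0-9A-Za-z.+-]*$")


@dataclass
class Finding:
    key: str
    value: str
    reason: str


def parse_frontmatter(text: str) -> dict:
    """Parse a minimal frontmatter block between two `---` markers.

    Only `key: scalar` and `key:` followed by `- item` lines are
    supported, which is all the constructed samples use.
    """
    data: dict = {}
    current = None
    inside = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() == "---":
            if inside:
                break
            inside = True
            continue
        if not inside or not line.strip():
            continue
        m = re.match(r"^([A-Za-z0-9_-]+):\s*(.*)$", line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if value:
                data[key] = value
                current = None
            else:
                data[key] = []
                current = key
            continue
        m = re.match(r"^\s*-\s+(.*)$", line)
        if m and current is not None:
            data[current].append(m.group(1).strip())
    return data


def check_manifest(text: str, audited_hosts: set) -> list:
    """Return one Finding per policy violation; an empty list means clean."""
    data = parse_frontmatter(text)
    findings = []
    for tool in data.get("allowed-tools", []):
        if "*" in tool:  # wildcard = unrestricted execution for the agent
            findings.append(Finding("allowed-tools", tool,
                "wildcard grants unrestricted execution; enumerate exact commands"))
    for ref in data.get("skills", []):
        if not PIN_RE.search(ref):  # transitive install must be pinned
            findings.append(Finding("skills", ref,
                "third-party skill is not pinned to a version or commit"))
    for url in data.get("webhooks", []):
        parsed = urlparse(url)
        if parsed.scheme != "https" or parsed.hostname not in audited_hosts:
            findings.append(Finding("webhooks", url,
                "endpoint is not an audited HTTPS destination; secrets could leak"))
    return findings


if __name__ == "__main__":
    for name, manifest in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(name)
        for f in check_manifest(manifest, AUDITED_WEBHOOK_HOSTS):
            print(f"  {f.key}: {f.value} -> {f.reason}")
```

Run as a pre-install gate, a non-empty result should block installation and route the skill to a human reviewer; the per-file upload confirmation the alert also recommends is a runtime control and is not expressible as a manifest lint.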
Audit Metadata
Analyzed At
Mar 4, 2026, 12:33 PM
Package URL
pkg:socket/skills-sh/tul-sh%2Fskills%2Fpython-sdk%2F@461348850a83a34eafe95ed8ab28222d3f6278a2