CrewAI policy index

14 rules — 7 tool · 6 agent · 1 repo

Risk score = severity_weight × confidence × 100 (engine formula; weights: low=0.15, medium=0.40, high=0.70). Higher = worse.

	Id	SDK/ADK	Scope	Applies To	Policy	Severity	Confidence	Risk	Source
1	CREW-001	CrewAI	tool	crewai_tool	CrewAI tool has no description	low	0.90	13.5	tool_definition.yaml
2	CREW-002	CrewAI	tool	crewai_tool	CrewAI tool parameters are not type-annotated	medium	0.85	34.0	tool_definition.yaml
3	CREW-003	CrewAI	tool	crewai_tool	CrewAI tool body evaluates dynamic code	high	0.85	59.5	code_execution.yaml
4	CREW-004	CrewAI	tool	crewai_tool	CrewAI tool body spawns a subprocess	high	0.85	59.5	shell_safety.yaml
5	CREW-005	CrewAI	tool	crewai_tool	CrewAI tool fetches a caller-controlled URL (SSRF)	high	0.80	56.0	ssrf.yaml
6	CREW-006	CrewAI	tool	crewai_tool	Mutating CrewAI tool has no idempotency key	medium	0.55	22.0	idempotency.yaml
7	CREW-101	CrewAI	agent	crewai_agent	CrewAI agent enables built-in code execution	high	0.90	63.0	agent_safety.yaml
8	CREW-102	CrewAI	agent	crewai_agent	CrewAI agent runs code execution in unsafe mode	high	0.90	63.0	agent_safety.yaml
9	CREW-103	CrewAI	agent	crewai_agent	CrewAI agent wires the code-interpreter built-in tool	high	0.85	59.5	code_execution.yaml
10	CREW-104	CrewAI	agent	crewai_agent	CrewAI agent allows delegation to peer agents	medium	0.75	30.0	agent_safety.yaml
11	CREW-106	CrewAI	agent	crewai_agent	CrewAI agent grants an unconstrained FileReadTool	high	0.70	49.0	dangerous_tools.yaml
12	CREW-107	CrewAI	agent	crewai_agent	CrewAI agent wires a tool that fetches model-chosen URLs	medium	0.70	28.0	dangerous_tools.yaml
13	CREW-108	CrewAI	tool	crewai_tool	CrewAI tool returns its output as the final answer	medium	0.60	24.0	tool_behavior.yaml
14	CREW-201	CrewAI	repo	crewai	CrewAI project ships no agent-guidance doc (AGENTS.md/CLAUDE.md)	low	0.90	13.5	repo_hygiene.yaml