Back to skill

Security audit

aws-ecs-monitor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate AWS ECS monitoring skill, but it needs Review because it reads sensitive production logs and infrastructure state with one load-balancer check broader than the selected services.

Install only if you are comfortable letting this skill use an AWS CLI profile to read ECS service state, ELB target health, and CloudWatch logs. Use a dedicated read-only AWS role scoped as tightly as possible to the intended region, cluster, services, target groups, and log groups; set ECS_SERVICES explicitly; and keep generated health/log reports in a protected directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes shell execution, environment-variable driven behavior, AWS CLI access, and file writes, but the manifest does not declare corresponding permissions. This creates a trust and review gap: users or orchestration systems may approve the skill without understanding that it can read environment configuration, invoke external commands, and write diagnostic artifacts to disk.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The script writes service-selection data to a predictable temporary file in /tmp using the process ID in the filename and then reads it back later. In a multi-user environment, predictable tmp paths are vulnerable to symlink, race-condition, or pre-creation attacks that could cause the script to read attacker-controlled data or overwrite/delete unintended files if run with elevated privileges.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.