AWS Cognito Auth
v1.0.0Use this skill for ANY task involving AWS Cognito — user pools, identity pools, authentication flows, token handling, social/enterprise federation, MFA, Lamb...
⭐ 0· 63·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (AWS Cognito guidance, code patterns, IaC, triggers, security) match the provided content: lots of documentation and examples for Cognito use-cases. The skill does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md directs the agent to read the included reference files and generate code/config. The references include sample Lambda handlers and SDK/CDK code that call AWS APIs, use environment variables (e.g., USER_POOL_ID, CLIENT_ID, USERS_TABLE) and recommend using AWS credentials/Secrets Manager for admin actions — which is expected for a Cognito skill, but the guidance implicitly assumes the user will supply AWS creds when they deploy/run generated code.
Install Mechanism
No install spec and no code files that would be executed by the platform; this is instruction-only, so nothing downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables (none requested), which is reasonable for an instruction-only skill. However the included examples reference many env vars and AWS credentials for admin/API operations; be aware you will need to provide appropriate AWS credentials and secrets when you run generated code. The skill itself does not attempt to read or demand those secrets at install time.
Persistence & Privilege
always:false, no installers, and no modification of other skills or system-wide settings. Autonomous invocation is enabled (default) but is not combined with other concerning privileges.
Assessment
This skill is a documentation/authoring helper for AWS Cognito and appears internally consistent. It will show and generate code that expects you to provide AWS credentials, environment variables (USER_POOL_ID, CLIENT_ID, USERS_TABLE, etc.), and possibly Secrets Manager entries when you deploy the generated Lambdas/clients — but the skill does not itself collect or require those secrets. Before using it: 1) do not paste long-lived AWS credentials into chat; prefer IAM roles with least privilege for admin operations and use Secrets Manager for client secrets; 2) review any generated Pre-Token-Generation or Lambda trigger code carefully — these modify tokens and can elevate claims (e.g., inject admin roles) if misused; 3) ensure token storage and refresh patterns follow the security guidance in the references (avoid localStorage, use HttpOnly cookies or platform-provided secure storage); 4) when deploying triggers, verify they run within the 5s Cognito timeout and have appropriate IAM permissions scoped to specific resources; 5) confirm you are comfortable granting whatever runtime AWS credentials are necessary to execute the code the skill generates. If you want the skill to perform live AWS actions on your behalf, ask the publisher how it expects credentials to be provided and audited; otherwise using it as a documentation/authoring aid is low-risk.Like a lobster shell, security has layers — review code before you run it.
latestvk974wnbbregezdg8nvr758w6y983zg3f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.