ClawHub

AWS Cognito Auth

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only AWS Cognito helper; its auth and credential examples need careful use, but there is no hidden execution, data collection, or persistence.

Install this only if you want AWS Cognito assistance. Before deploying generated code, review IAM permissions, callback URLs, token handling, and Lambda trigger behavior; prefer AWS SSO, IAM roles, or short-lived credentials, and do not paste or commit long-lived AWS keys or live user passwords.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill is configured to trigger for essentially any authentication or authorization task that could involve AWS Cognito, even when the user does not explicitly request Cognito. That over-broad routing can cause the agent to select this skill for unrelated identity tasks, increasing the chance of inappropriate guidance, unnecessary handling of token/credential workflows, or accidental expansion into AWS-specific security-sensitive operations.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase list includes broad, common auth terms like sign-up/sign-in, MFA setup, token refresh, and RBAC patterns without requiring AWS/Cognito context. This can lead to over-invocation on ordinary application security requests, causing misrouting and potentially exposing users to advice that assumes Cognito-specific token and federation models where they do not apply.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The troubleshooting guide tells users to set AWS credentials via environment variables but does not warn that these are sensitive secrets that must not be committed to source control, logged, or exposed to client-side code. In an auth-focused Cognito skill, this omission can normalize unsafe secret handling and lead to credential leakage in development workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal