AWS | Amazon Web Services

Security checks across malware telemetry and agentic risk

Overview

This AWS skill has a legitimate purpose, but it under-labels high-impact AWS commands that can change infrastructure, IAM, budgets, logging, and data retention.

Install only if you want an agent to help with real AWS operations. Before running any command, verify AWS_PROFILE, account ID, region, resource names, and whether the command creates, changes, deletes, grants access, changes retention, or affects costs. Require explicit approval for IAM, lifecycle, database, security group, secrets, budget, logging, and cleanup actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The skill states that all shown AWS CLI commands are read-only by default, but the document includes write operations such as creating VPC endpoints and setting log retention policies. This mismatch can mislead users or agents into executing state-changing commands under the assumption they are safe to run for inspection, causing unintended infrastructure modifications or policy changes in a live AWS account.

Missing User Warnings

Medium
Confidence: 94%
Finding
The S3 lifecycle example automatically expires objects after 365 days, but the surrounding guidance does not clearly warn that this causes permanent deletion. In a cost-optimization skill, users may copy-paste the command to reduce storage costs without fully appreciating the data-retention and recovery implications, which creates a realistic risk of unintended data loss.

Vague Triggers

Medium
Confidence: 86%
Finding
The setup text says the skill may activate not only when explicitly called, but also whenever AWS topics arise in conversation. That creates an over-broad trigger boundary, which can cause the skill to engage without clear user intent and steer conversations or recommendations unexpectedly. In a cloud-architecture skill, this matters because advice may influence infrastructure, security, and spending decisions.

VirusTotal

66/66 vendors flagged this skill as clean.