aws-agentcore-langgraph

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AWS AgentCore and LangGraph deployment skill with visible, user-directed cloud commands and memory features.

Install this only if you intend to manage AWS AgentCore/LangGraph deployments. Use a least-privileged AWS profile, confirm the account and region before deploy or destroy commands, prefer dry-run cleanup where available, and define retention, consent, deletion, and tenant-boundary rules before storing conversation memory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation includes `agentcore destroy` as a cleanup command without any warning that it may irreversibly remove deployed infrastructure and associated resources. In an agent skill context, users may copy-paste CLI commands directly, so omitting a confirmation note increases the risk of accidental teardown, service outage, and data loss.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal