aws-agentcore-langgraph
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent following the commands could create, update, or delete AWS resources.
The skill documents commands that can deploy or remove AWS AgentCore resources. This is purpose-aligned, but these commands can materially change a cloud environment if run with real credentials.
`agentcore launch --deployment-type container` | Deploy (container mode) ... `agentcore destroy` | Cleanup
Use explicit user approval for deploy/destroy operations, prefer least-privileged AWS roles, and preview cleanup actions where possible.
The skill can surface account/resource inventory and operate under the permissions of the chosen AWS profile.
The helper script can use a local AWS profile to enumerate AgentCore resources, workload identities, and policies. This is consistent with AWS diagnostics, but depends on the privileges of the configured AWS account.
export AWS_PROFILE="$PROFILE" ... aws bedrock-agentcore-control list-workload-identities ... aws bedrock-agentcore-control list-policies
Run it only with an AWS profile intended for this project and avoid broad administrator credentials unless necessary.
Future package changes or compromised dependencies could affect the environment where the commands are run.
The setup instructions install external packages without pinning versions. This is normal for a deployment reference, but users inherit package-source and version-drift risk.
pip install bedrock-agentcore bedrock-agentcore-starter-toolkit langgraph
uv tool install bedrock-agentcore-starter-toolkit
Pin package versions, use trusted package indexes, and review dependency provenance for production deployments.
User facts, decisions, or conversation context may persist beyond a single session and influence later agent behavior.
The skill explicitly uses long-term memory shared across sessions or agents. This is central to the stated purpose, but persisted context can retain sensitive details or be reused later.
**LTM**: Facts/decisions across sessions/agents
Define retention, deletion, tenancy, and review policies for AgentCore Memory before using it with sensitive data.
Agent requests may trigger external tools or pass data to connected services.
The gateway design connects agents to external APIs, Lambda functions, and MCP servers. This is purpose-aligned, but tool identity, authentication, and data boundaries should be configured carefully.
Gateway transforms APIs, Lambda, and MCP servers into unified MCP-compatible tools.
Restrict gateway targets, validate tool inputs, and use scoped API keys/OAuth clients for each integration.
