Back to skill

Security audit

aws-agentcore-langgraph

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AWS AgentCore/LangGraph deployment aid, but users should treat its cloud deployment, cleanup, logging, and memory examples as powerful account-level operations.

Install this only if you intend to manage AWS AgentCore deployments. Use least-privileged AWS credentials, confirm AWS profile/account/region before running deploy, logging, memory, or destroy commands, prefer dry-run or non-production environments first, and avoid storing secrets, PII, or regulated data in AgentCore memory unless you have retention and deletion controls in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill metadata and documentation present the capability as deployment/orchestration guidance, but the referenced behavior also includes inventorying AgentCore resources, retrieving metadata for existing runtimes and memory stores, and tailing CloudWatch logs. In an AWS environment, those actions expose operational visibility into pre-existing infrastructure and data that goes beyond the declared scope, increasing the risk of unintended reconnaissance and sensitive information disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation encourages persistent cross-session and cross-agent memory without any warning about retention, sensitivity, or privacy boundaries. In agent systems, memory payloads can easily contain user prompts, secrets, PII, or business data, so omitting retention and handling guidance can lead to unsafe long-term storage of sensitive information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The CLI section includes commands that configure, deploy, and destroy cloud resources but does not warn users that these operations can create billable infrastructure or irreversibly remove deployed resources. This can lead to accidental environment modification or destructive cleanup in shared or production AWS accounts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.