Cognito

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it describes AWS Cognito but points setup at a different Cognito-branded site and permits broad authenticated API requests.

Install only after confirming whether this is meant for AWS Cognito or another Cognito service. Use a least-privileged account, review Membrane’s requested access, avoid raw proxy calls unless you know the exact endpoint and effect, and require explicit user approval before any create, update, delete, or membership-change operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The documented `membrane connection ensure` flow is broader than the skill’s stated Cognito-only purpose because it explicitly allows automatic creation of arbitrary app connections and connectors when no known app match exists. In an agent setting, this expands the skill’s effective authority beyond Cognito and can let unrelated external services be connected and queried under the guise of a Cognito skill.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The proxy section permits direct requests to arbitrary API paths through Membrane rather than limiting operations to vetted Cognito actions. This bypasses the safety boundary implied by a narrow integration skill and can expose broader API surface area, including destructive or sensitive endpoints not covered by curated actions.

Vague Triggers

Medium
Confidence: 74%
Finding
The activation text 'Use when the user wants to interact with Cognito data' is broad enough that an orchestrator may invoke the skill for loosely related requests without confirming exact scope or sensitivity. Overbroad routing increases the chance that the agent uses this skill in contexts where its connection-management and proxy features are inappropriate or overly powerful.

VirusTotal

65/65 vendors flagged this skill as clean.