Amazon Aplus Content

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is mostly a coherent Amazon A+ content-writing guide, but it unnecessarily grants Bash shell access for an instruction-only marketing skill.

This skill can help draft Amazon A+ content, but its declared Bash access is unnecessary for that purpose. Install only if you are comfortable denying or closely reviewing any shell-command use, or prefer a version that removes Bash access.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses this skill, it may have access to local shell commands unrelated to creating Amazon A+ content, which could affect local files or environment state if misused.

Why it was flagged

The skill's purpose is marketing content generation, and the artifact provides no code, install step, or workflow that requires shell execution, making Bash access overbroad and unexplained.

Skill content

description: "Amazon A+ content ... builder..." ... allowed-tools: Bash

Recommendation

Remove Bash from the allowed tools, or clearly document a narrow, user-approved shell workflow. Users should avoid approving shell execution for this skill unless a specific command is justified.