Aws Service Chaos Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AWS chaos-testing research/report generator; it uses AWS documentation tools, read-only AWS CLI discovery, and local markdown report output, with no evidence that it runs experiments or hides behavior.

Install this only if you are comfortable with it using AWS Knowledge MCP tools and, when available, your AWS CLI profile to list FIS actions for a region. Use a least-privilege AWS profile, expect timestamped markdown reports to be created locally, and treat any chaos-testing commands or next steps as planning guidance that requires manual review and approval before use in real environments.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (6)

Description-Behavior Mismatch

Medium (95% confidence)
Finding:
The skill goes beyond research by instructing the agent to write markdown reports to the local filesystem and disclose file paths. That creates an unnecessary side effect that can overwrite local files, leak workstation structure, or persist sensitive environment-derived content without explicit user consent.

Context-Inappropriate Capability

Medium (90% confidence)
Finding:
Reading the local AWS CLI configuration (`aws configure get region`) inspects host environment state that is not necessary for a documentation-first research skill. Even limited configuration probing can reveal contextual information about the user's cloud environment and normalize broader local introspection by future skill changes.

Context-Inappropriate Capability

Medium (92% confidence)
Finding:
The skill directs execution of live AWS CLI commands against the user's environment to enumerate regional FIS actions. This expands the skill from documentation research into environment interrogation using the user's credentials, which can expose account/region capabilities and violate least surprise if the user only asked for conceptual guidance.

Missing User Warnings

Low (84% confidence)
Finding:
The README states that the skill saves generated reports directly to local markdown files, but it does not clearly warn the user that content derived from prompts, service names, regions, and potentially environment observations will be written to disk. This can create an unintended data persistence/privacy issue, especially in shared workstations, CI runners, or sensitive environments where local artifacts may be collected, synced, or exposed.

Vague Triggers

Medium (81% confidence)
Finding:
Broad trigger phrases like 'test my [service]' can activate the skill for ordinary support or architecture questions, causing unexpected execution of local commands and file writes. Over-broad activation increases the chance that risky side effects occur without the user intending to invoke a high-privilege research workflow.

Missing User Warnings

Medium (94% confidence)
Finding:
The skill silently writes reports to local markdown files, but that side effect is not disclosed in the user-facing description or trigger metadata. Hidden persistence is dangerous because users may unknowingly authorize local storage of cloud-environment details, and other local users or processes may later access those files.

VirusTotal

63/63 vendors flagged this skill as clean.