Aws Service Chaos Research

Advisory

Audited by static analysis on May 10, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may not work unless the AWS Knowledge MCP server and/or AWS CLI are already configured.

Why it was flagged

The skill relies on external MCP tools and optionally AWS CLI, while the registry metadata declares no required binaries, env vars, or credentials. This is disclosed in the docs and no automatic installer is present, so it is a compatibility/transparency note rather than a concern.

Skill content

Required tools (at least one of each group): ... `aws___read_documentation` ... AWS CLI `aws fis list-actions`

Recommendation

Use a trusted aws-knowledge-mcp-server setup and confirm which AWS CLI profile/region will be used before invoking the skill.

What this means

The agent may use local AWS CLI configuration and shell utilities to discover region-specific FIS actions.

Why it was flagged

The skill instructs the agent to run local shell/AWS CLI commands. These commands are read-only and directly support the stated purpose, but they still execute in the user's local environment.

Skill content

run `aws configure get region` ... `aws fis list-actions --region TARGET_REGION | jq '.actions[].id' | awk -F':' '{print $2}' | sort -u`

Recommendation

Confirm the intended AWS profile and region, and use least-privilege/read-only permissions for FIS action discovery.

What this means

If AWS CLI is configured, the skill may make AWS API calls under the user's account to list available FIS actions.

Why it was flagged

AWS CLI use normally relies on the user's configured AWS credentials/profile. The documented use is for FIS action discovery, not mutation, and there is no evidence of credential logging or unrelated account access.

Skill content

AWS CLI (`aws`) | FIS action discovery (preferred) | Falls back to documentation search if unavailable

Recommendation

Run with an AWS profile that has only the read permissions needed for discovery; do not grant experiment-creation or destructive permissions unless you separately intend to use them.

What this means

Documentation lookups may disclose the AWS service and region being researched to the configured MCP provider.

Why it was flagged

The skill sends documentation queries and page-read requests through AWS Knowledge MCP. This is disclosed and purpose-aligned, but service names, regions, and any user-provided context included in queries may leave the local agent boundary.

Skill content

All documentation research uses **only** the AWS Knowledge MCP tools above. Do NOT use SearXNG or other web search tools for documentation research.

Recommendation

Avoid putting secrets, account IDs, or sensitive resource identifiers into search phrases, and use a trusted MCP server.

What this means

Following the generated recommendations without safeguards could disrupt AWS workloads or dependent systems.

Why it was flagged

The report template includes potentially disruptive chaos-engineering actions. In context these are recommendations/hints for a chaos-testing report, not automatic execution instructions, but they could cause outages if a user later runs them in production.

Skill content

`aws:network:disrupt-connectivity` ... `aws:ec2:stop-instances` / `terminate-instances` ... `aws:ssm:send-command`

Recommendation

Treat the output as a planning document: require human approval, define stop conditions, limit blast radius, and test in controlled/non-production environments where possible.