Back to skill

Security audit

AWS云架构师

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AWS CLI assistant that mainly performs read-only cloud checks and requires confirmation for changes, with no evidence of hidden or malicious behavior.

Install only if you intend an agent to use AWS CLI on your behalf. Use a dedicated least-privilege AWS profile, prefer SSO/roles or short-lived credentials over static keys, review commands before confirming any write or destructive action, and be aware that temporary cache files may contain resource inventory details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill advertises a 'zero exposure key' rule, yet later instructs operators to configure long-lived AWS access keys via environment variables or aws configure. While standard for AWS CLI setup, this contradicts the stated security posture and increases the chance that an agent with exec/read access may encounter, misuse, or expose credentials from shell history, environment inspection, or local config files.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger keywords include broad generic terms such as infrastructure management, security audit, cost optimization, and AWS CLI, which can cause the skill to activate in contexts not intended by the user. In a skill with exec capability against AWS CLI, accidental invocation is dangerous because it may prompt credentialed cloud enumeration or prepare sensitive operations in the wrong conversation context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.