Back to skill

Security audit

Aws Networking Audit

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only AWS VPC audit skill that uses sensitive but disclosed read-only AWS queries.

Install only if you are comfortable allowing the agent read access to AWS networking configuration and Flow Log data. Use a dedicated least-privilege read-only role, restrict account/region/VPC scope, keep log queries time-bounded, and review the declared MCP dependency before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file adds IAM identity and permission-auditing commands to a skill described as a VPC networking audit. Even though the commands are read-only, they extend the operational scope into IAM enumeration and privilege analysis, which violates least-privilege expectations and can expose sensitive account and permission metadata during use.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
`iam simulate-principal-policy` is not necessary for auditing VPC networking configuration and meaningfully broadens the skill into permission analysis. In the context of an agent skill, this can encourage collection of authorization details beyond the user's expected task and creates unnecessary sensitive capability discovery.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.