Skills
skills/necatiarslan/awsclaw/awsclaw-apigateway/Gen Agent Trust Hub

awsclaw-apigateway

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides commands to retrieve sensitive security credentials and configuration data from the AWS environment. Examples include GetApiKey and GetApiKeys for plain-text keys, GetClientCertificate for SSL/TLS certificates, and GetUsagePlanKey for plan-specific keys.
  • [DATA_EXFILTRATION]: The GetExport command includes an includeCredentials parameter which, if enabled, incorporates security credentials into the generated API definition file.
  • [COMMAND_EXECUTION]: The skill enables high-privilege administrative actions that can modify or destroy infrastructure, such as DeleteRestApi, DeleteResource, DeleteMethod, DeleteStage, and DeleteAuthorizer.
  • [COMMAND_EXECUTION]: The TestInvokeMethod and TestInvokeAuthorizer commands allow for arbitrary request triggering within the AWS environment, permitting the agent to send custom headers, bodies, and query strings to internal endpoints.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 08:11 PM