aws-mcp-setup

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill is SUSPICIOUS overall due to inconsistent security posture relative to its stated purpose: it prescribes (or at least implies) downloading and running an external MCP proxy binary and interacting with external MCP/documentation endpoints, while also including credential snippets in examples. This combination creates potential credential exposure, supply-chain risk, and data routing concerns that are not adequately mitigated by explicit verifications or restrictions. If used, enforce strict provenance checks (signed binaries, verifiable checksums), avoid embedding real credentials in docs, and constrain data flows to official AWS MCP endpoints with minimal external dependencies.

Confidence: 62%Severity: 58%
Audit Metadata
Analyzed At
Mar 18, 2026, 04:50 PM
Package URL
pkg:socket/skills-sh/zxkane%2Faws-skills%2Faws-mcp-setup%2F@6025164e75c62254a3a99b40f78d3dd61bbb1e77
Security Audit — socket — aws-mcp-setup