aws-safe-mcp

v0.3.0 suspicious
4.0
Medium Risk

Read-only, opinionated MCP server for safely investigating AWS resources.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks related to credential handling and metadata integrity, with no direct evidence of malicious intent but concerns over security practices and maintenance.

  • Credential risk due to reliance on environment variables for AWS credentials
  • Red flags in metadata including non-secure links and low maintainer activity

Per-check LLM notes

  • Network: No network calls detected, which is normal unless the package is designed to interact with external services like AWS.
  • Shell: No shell execution patterns detected, indicating the package does not execute system commands.
  • Obfuscation: No obfuscation patterns detected in the provided code snippets.
  • Credentials: The code appears to be retrieving AWS credentials from environment variables, which is a common practice but should be handled securely to prevent unauthorized access.
  • Metadata: The package shows some red flags such as non-secure links and low maintainer activity, but lacks clear evidence of malice.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 35 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 35 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (12288 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 1032 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 19 commits in harryhazza77/aws-safe-mcp
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • _argument("--config", default=os.environ.get("AWS_SAFE_MCP_CONFIG")) parser.add_argument("--profile", defa
  • argument("--profile", default=os.environ.get("AWS_PROFILE")) parser.add_argument( "--region",
  • "--region", default=os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION"), )
  • .environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION"), ) parser.add_argument( "--

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:4566
  • Non-HTTPS external link: http://127.0.0.1:4572

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Haresh Patel" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aws-safe-mcp

Create a Python-based mini-application named 'AWS Explorer' that allows users to securely investigate their AWS resources through a read-only, opinionated MCP server provided by the 'aws-safe-mcp' package. The application should have the following core functionalities:

1. **User Authentication**: Implement a simple login system where users can authenticate using their AWS credentials securely.
2. **Resource Inquiry**: Allow users to query various AWS resources such as EC2 instances, S3 buckets, RDS databases, etc., by providing a user-friendly interface or command-line options.
3. **Resource Details Display**: Once queried, display detailed information about the selected AWS resources in a structured format (e.g., JSON).
4. **Security Measures**: Ensure that all interactions with AWS resources are done in a read-only mode, adhering to the principles of 'aws-safe-mcp'.
5. **Logging and Reporting**: Integrate logging capabilities to record all user activities and resource queries for auditing purposes.
6. **Optional Features**: Consider adding optional features like resource tagging, filtering resources based on specific criteria (e.g., region, type), and exporting resource details to CSV or JSON files.

The 'aws-safe-mcp' package will be primarily utilized to establish a secure connection to AWS resources, ensuring that all operations are performed in a safe, read-only manner. This package will also help in managing the server-side configuration necessary for the MCP server to function effectively.

Your task is to design and implement this mini-application from scratch, making sure it meets the requirements outlined above while leveraging the 'aws-safe-mcp' package for its core functionalities.
