Package Metadata

Author: Amazon Web Services
Email: AWSLabs MCP <[email protected]>
PyPI: awslabs.cloudwatch-applicationsignals-mcp-server
Python: >=3.10
Versions: 23 releases
First release: 06 Nov 2025, 23:14 UTC
Analysed: 08 Jun 2026, 14:34 UTC
Source files: 46 .py files scanned

Project Links

Bug Tracker Changelog Documentation Homepage Source

Classifiers

License :: OSI Approved :: Apache Software LicenseOperating System :: OS IndependentProgramming Language :: PythonProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some legitimate signs of potential misuse due to credential handling and shell execution, but lacks clear malicious indicators. Further investigation into its usage and the context in which it operates is advised.

Credential risk due to AWS_PROFILE environment variable check
Presence of shell execution patterns

Per-check LLM notes

Network: No network calls detected, which is normal and expected.
Shell: Shell execution patterns are present but may be legitimate for package operations; further review of the source code is recommended.
Obfuscation: The observed pattern is a standard method for extending package paths and does not indicate malicious obfuscation.
Credentials: The code checks for AWS_PROFILE environment variable which could be used to harvest credentials if executed in a broader context without proper controls.
Metadata: The author has only one package, which may indicate a new or less active account, but no other suspicious flags were detected.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 22 test file(s) found

Test runner config found: conftest.py
Test runner config found: pyproject.toml
22 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://awslabs.github.io/mcp/servers/cloudwatch-application
Detailed PyPI description (51369 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

60 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

42 unique contributor(s) across 100 commits in awslabs/mcp
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

amespace packages. __path__ = __import__('pkgutil').extend_path(__path__, __name__) # Copyright Amazon.com, In

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

"""Execute a command using subprocess.run().""" result = subprocess.run( cmd,
ss.run().""" result = subprocess.run( cmd, cwd=cwd, capture_o

⚠ Credential Harvesting score 10.0

Found 5 credential access pattern(s)

st-profile'}): assert os.environ.get('AWS_PROFILE') == 'test-profile' # Test walrus operator
ent if aws_profile := os.environ.get('AWS_PROFILE'): assert aws_profile == 'test-profile'
, clear=True): assert os.environ.get('AWS_PROFILE') is None # Test walrus operator assignment
one if aws_profile := os.environ.get('AWS_PROFILE'): pytest.fail('Should not enter this br
if aws_profile := os.environ.get('AWS_PROFILE'): # This block needs coverage

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: users.noreply.github.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository awslabs/mcp appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Amazon Web Services" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with awslabs.cloudwatch-applicationsignals-mcp-server

Create a monitoring dashboard app using Python that integrates with AWS CloudWatch to monitor application signals in real-time. This app will use the 'awslabs.cloudwatch-applicationsignals-mcp-server' package to facilitate communication between your application and AWS Application Signals, enabling you to visualize and analyze the performance of your applications more effectively. Your task is to develop a user-friendly interface where users can select specific applications and view their health metrics such as CPU usage, memory usage, request latency, error rates, etc., all in real-time. Additionally, implement alerts that notify users via email or SMS when certain thresholds are exceeded. The app should also provide historical data visualization to help identify trends and patterns over time. Use Flask or Django for the web framework, and ensure that the app is secure and scalable. Include documentation on setting up the environment, deploying the app, and integrating it with AWS services.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (6.6/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue