awslabs.cloudwatch-mcp-server

v0.1.4 suspicious
4.0
Medium Risk

An AWS Labs Model Context Protocol (MCP) server for cloudwatch

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate signs of obfuscation, which raises concerns about its true intentions. While there are no immediate signs of malicious activity, the obfuscation could be used to hide malicious functionality.

  • moderate obfuscation risk
  • single package from author
Per-check LLM notes
  • Network: No network calls detected, which is normal for a package that does not require external communication.
  • Shell: No shell execution patterns detected, indicating the package does not execute system commands.
  • Obfuscation: The observed patterns may indicate an attempt to obfuscate code for reasons such as evading detection or making reverse engineering more difficult, but without further context, it's uncertain if this is malicious.
  • Credentials: No clear evidence of credential harvesting was found.
  • Metadata: The author has only one package, suggesting it may be new or less active, but no other red flags are present.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 25 test file(s) found

  • Test runner config found: pyproject.toml
  • 25 test file(s) detected (e.g. test_aws_common.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "docs" -> https://awslabs.github.io/mcp/servers/cloudwatch-mcp-server/
  • Detailed PyPI description (15242 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 72 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 42 unique contributor(s) across 100 commits in awslabs/mcp
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • amespace packages. __path__ = __import__('pkgutil').extend_path(__path__, __name__) # Copyright Amazon.com, In
  • e(2023, 1, 1, 0, 0, 0, tzinfo=__import__('datetime').timezone.utc), datetime(2023, 1, 1, 1, 0, 0
  • e(2023, 1, 1, 1, 0, 0, tzinfo=__import__('datetime').timezone.utc), 'both timezone-aware datetim
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: amazon.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository awslabs/mcp appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Amazon Web Services" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with awslabs.cloudwatch-mcp-server 
Build a simple Python application using the awslabs.cloudwatch-mcp-server package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!