amazon-cognito Security Report — Trusted | ClawSafe

0 /100

amazon-cognito

Amazon Cognito integration via Membrane CLI

This skill is purely documentation-based, delegating all Cognito integration to the legitimate Membrane CLI. No executable code, scripts, or suspicious behavior detected.

Skill Nameamazon-cognito

Duration25.0s

Enginepi

✓

Safe to install

This skill is safe to use. No additional verification needed.

Resource	Declared	Inferred	Status	Evidence
Shell	`WRITE`	`WRITE`	✓ Aligned	npm install -g @membranehq/cli (documented in SKILL.md line 24)
Network	`READ`	`READ`	✓ Aligned	API calls through Membrane proxy (documented in SKILL.md)
Filesystem	`NONE`	`NONE`	—	No file operations in skill
Environment	`NONE`	`NONE`	—	No env access in skill
Skill Invoke	`NONE`	`NONE`	—	No skill invocation in skill
Clipboard	`NONE`	`NONE`	—	No clipboard access in skill
Browser	`NONE`	`NONE`	—	Browser used only for OAuth flow (documented)
Database	`NONE`	`NONE`	—	No database access in skill

2 findings

🔗

Medium External URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

Medium External URL 外部 URL

https://docs.aws.amazon.com/cognito/

SKILL.md:19

File Tree

1 files · 4.6 KB · 132 lines

Markdown 1f · 132L

└─ 📝 SKILL.md Markdown 132L · 4.6 KB

Security Positives

✓ No executable code - skill is documentation only

✓ Delegates to legitimate third-party CLI (@membranehq/cli)

✓ Explicitly instructs to never ask for API keys or tokens

✓ Credentials managed server-side by Membrane infrastructure

✓ Uses standard npm/npx installation (no curl|bash)

✓ No obfuscation, base64, or anti-analysis patterns

✓ No hidden functionality detected

✓ Clean documentation with clear security guidance

Scan Report

File Tree

Security Positives