Code Plugin · Executes code · source-linked

AWS Bedrock Auth

marxbiotech-bedrock-auth

Community code plugin. Review compatibility and verification before install.
marxbiotech-bedrock-auth · runtime id marxbiotech-bedrock-auth
Install
openclaw plugins install clawhub:marxbiotech-bedrock-auth
Latest Release
Version 1.0.0
Compatibility
{
  "builtWithOpenClawVersion": "1.0.0",
  "pluginApiRange": ">=1.0.0"
}
Capabilities
{
  "bundledSkills": [],
  "capabilityTags": [
    "executes-code"
  ],
  "channels": [],
  "commandNames": [],
  "configSchema": true,
  "configUiHints": false,
  "executesCode": true,
  "hooks": [],
  "httpRouteCount": 0,
  "materializesDependencies": false,
  "providers": [],
  "runtimeId": "marxbiotech-bedrock-auth",
  "serviceNames": [],
  "setupEntry": false,
  "toolNames": []
}
Security Scan
VirusTotal
Pending
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements MFA-based AWS STS assume-role and updates local OpenClaw config to pick a Bedrock model — this is coherent with the skill name/description. However, the registry metadata declares no required env vars or credentials even though the implementation expects AWS_ROLE_ARN, AWS_MFA_SERIAL, AWS_BASE_ACCESS_KEY_ID, and AWS_BASE_SECRET_ACCESS_KEY (and optionally BEDROCK_DEFAULT_MODEL, OPENCLAW_HOME). The omission in metadata is an incoherence.
! Instruction Scope
There is no SKILL.md with runtime prose describing behavior; the included code (TS and shell) executes the aws CLI, parses STS output, writes session credentials to disk (~/.aws/session.json or /root/.aws/session.json), and can modify OpenClaw's openclaw.json model configuration. Those file writes and config modifications are not documented in the registry metadata and are sensitive operations outside a trivial auth helper scope.
Install Mechanism
No install spec is provided (instruction-only in registry), so nothing is pulled from external URLs. The code relies on the system aws CLI and node available at runtime; that dependency is expected for this functionality.
! Credentials
The implementation requires multiple sensitive environment variables (AWS_ROLE_ARN, AWS_MFA_SERIAL, AWS_BASE_ACCESS_KEY_ID, AWS_BASE_SECRET_ACCESS_KEY) but the skill metadata declares none. Requesting base AWS credentials to call sts:AssumeRole is functionally reasonable for this task, but the lack of declared required envs and the need to supply long-lived base creds (AWS_BASE_*) is a significant risk and should be explicit to users.
! Persistence & Privilege
The skill writes session credentials to disk (~/.aws/session.json or /root/.aws/session.json) and may modify OpenClaw's openclaw.json to change the default model. Writing credentials and changing agent configuration have lasting effects beyond a single command; while this can be legitimate for an auth helper, it elevates the impact if the skill or environment is untrusted.
What to consider before installing
This skill's behavior largely matches its stated purpose, but the package/registry did not declare the sensitive environment variables it expects and the code will write AWS session credentials to disk and may modify your OpenClaw agent config. Before installing or running it:
(1) review the code yourself (or have someone you trust do so);
(2) only supply minimally scoped base AWS credentials (ideally short-lived or restricted); avoid providing long-lived root/owner keys;
(3) ensure the aws CLI and Node runtime will be executed in an isolated environment or container;
(4) back up openclaw.json in case the skill changes default models unexpectedly;
(5) prefer explicit metadata: ask the author to declare required env vars and to document file paths the skill writes to;
(6) if you cannot verify the author, do not provide AWS_BASE_ACCESS_KEY_ID/AWS_BASE_SECRET_ACCESS_KEY; instead use an alternative, auditable authentication flow.
src/aws-auth.ts:17
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Verification
{
  "hasProvenance": false,
  "scanStatus": "pending",
  "scope": "artifact-only",
  "sourceCommit": "172ec47851ae8a6516032204dce3182fc800e077",
  "sourceRepo": "marxbiotech/moltbot-app",
  "sourceTag": "172ec47851ae8a6516032204dce3182fc800e077",
  "summary": "Validated package structure and linked the release to source metadata.",
  "tier": "source-linked"
}
Tags
{
  "latest": "1.0.0"
}