aws-transform
github.com/aws/agent-toolkit-for-aws
Scanned Thu, 28 May 2026 17:27:53 GMT
Scan ID crawl-g20rankwanu368vrdc2oneq5 · 9ms
Grade C
SCORE 55 / 100
Verdict: Proceed with caution

9 high-severity findings.

This skill runs unsafe shell commands and has 9 other issues, all listed below.

0 critical · 9 high · 1 medium · 2 rules passed

Why grade C?

score · 55 / 100

The current grade reflects 9 high-severity findings (3+ HIGHs → C).

0 CRIT · 9 HIGH · 1 MED · 0 LOW
To reach a higher grade
  • B
    Reach B (target score 75)

    Resolve 7 of 9 HIGH (cap is 2).

  • A
    Reach A (target score 95)

    Resolve all 9 HIGH.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

high
Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
rule: dangerous-shell · line: 168 · CWE-78
166  ```bash
167  atx --version
168  # Install: curl -fsSL https://transform-cli.awsstatic.com/install.sh | bash
     ^ curl | shell — common in destructive or supply-chain attacks
169  ```
170
high
Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
rule: dangerous-shell · line: 602 · CWE-78
600  # Rust
601  USER atxuser
602  RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
     ^ curl | shell — common in destructive or supply-chain attacks
603  ENV PATH="/home/atxuser/.cargo/bin:$PATH"
604  USER root
high
Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 137 · CWE-552
135  AWS Transform custom requires AWS credentials to authenticate with the service. Configure authentication using one of the following methods.
136
137  1. AWS CLI Configure (~/.aws/credentials):
     ^ sensitive path — credential-exfiltration vector
138   aws configure
139
high
Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 140 · CWE-552
138   aws configure
139
140  2. AWS Credentials File (manual). Configure credentials in ~/.aws/credentials:
     ^ sensitive path — credential-exfiltration vector
141
142  [default]
high
Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 159 · CWE-552
157  Do NOT proceed until credentials are verified. Re-run `aws sts get-caller-identity` after setup.
158
159  Note: environment variables set via `export` do not carry over between shell sessions. If the agent spawns a new shell, credentials set as env vars may be lost. Prefer `aws configure` or `~/.aws/credentials` for persistence.
     ^ sensitive path — credential-exfiltration vector
160
161  ### 3. ATX CLI (Required — All Modes)
high
Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 296 · CWE-552
294
295  ```bash
296  mkdir -p ~/.aws/atx/custom/atx-agent-session/repos
     ^ sensitive path — credential-exfiltration vector
297  aws s3 sync s3://user-bucket/repos/ ~/.aws/atx/custom/atx-agent-session/repos/ --exclude "*" --include "*.zip"
298  for zip in ~/.aws/atx/custom/atx-agent-session/repos/*.zip; do
high
Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 297 · CWE-552
295  ```bash
296  mkdir -p ~/.aws/atx/custom/atx-agent-session/repos
297  aws s3 sync s3://user-bucket/repos/ ~/.aws/atx/custom/atx-agent-session/repos/ --exclude "*" --include "*.zip"
     ^ sensitive path — credential-exfiltration vector
298  for zip in ~/.aws/atx/custom/atx-agent-session/repos/*.zip; do
299    name=$(basename "$zip" .zip)
high
Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 298 · CWE-552
296  mkdir -p ~/.aws/atx/custom/atx-agent-session/repos
297  aws s3 sync s3://user-bucket/repos/ ~/.aws/atx/custom/atx-agent-session/repos/ --exclude "*" --include "*.zip"
298  for zip in ~/.aws/atx/custom/atx-agent-session/repos/*.zip; do
     ^ sensitive path — credential-exfiltration vector
299    name=$(basename "$zip" .zip)
300    unzip -qo "$zip" -d "$HOME/.aws/atx/custom/atx-agent-session/repos/${name}-$SESSION_TS/"
high
Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 810 · CWE-552
808  `aws s3 cp s3://atx-custom-output-{account-id}/transformations/{job-name}/{conversation-id}/code.zip ./code.zip`
809
810  Bulk results summary: `~/.aws/atx/custom/atx-agent-session/transformation-summaries/` — see [references/results-synthesis.md](references/results-synthesis.md).
     ^ sensitive path — credential-exfiltration vector
811
812  ## References
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/r/crawl-g20rankwanu368vrdc2oneq5