aws-kb-retrieval / security
Security review
Is AWS KB Retrieval MCP safe to give an agent?
unknownunknownofficialdegraded
A factual risk summary built from AWS KB Retrieval’s real tool surface, execution model, and verification history — not a vibe. Trust score 71/100.
01What it can do
No tool handshake yet — capability surface unverified.
0 tools observed
02Execution model
Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.
No runnable install method captured.
03Permissions & auth
No auth scopes captured yet (scope extraction runs during the sandboxed handshake, gated until configured). Treat unconfirmed scopes as unknown, not as “none.”
04Verification
handshakenot confirmed
runsmetadata:passed · metadata:passed · metadata:passed · metadata:passed · metadata:passed
last_checked2026-06-29 07:26Z
sourcesmodelcontextprotocol/servers [p2]
Reduce the risk
Wrap AWS KB Retrieval in a governed Loadout — scoped permissions, approval rules on write/destructive tools, and audit logging — instead of handing your agent raw access.
Build a governed LoadoutSee also: full server page · setup · alternatives