Security review

Is awslabs.aws-support-mcp-server MCP safe to give an agent?

write capableunknownwrite capablehealthy

A factual risk summary built from awslabs.aws-support-mcp-server’s real tool surface, execution model, and verification history — not a vibe. Trust score 49/100.


01What it can do

Has tools that can create or modify data.

11 tools observedwrite present

02Execution model

Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.

Installs via pip (`pip install awslabs.aws-support-mcp-server`) — it pulls and executes third-party code; pin versions and review the source.


03Permissions & auth

No auth scopes captured yet (scope extraction runs during the sandboxed handshake, gated until configured). Treat unconfirmed scopes as unknown, not as “none.”


04Verification
handshakepassed — tool surface is real
runstools_list:passed · handshake:passed · metadata:passed · metadata:passed
last_checked2026-06-30 21:08Z
sourcesPyPI [p4]

Reduce the risk

Wrap awslabs.aws-support-mcp-server in a governed Loadout — scoped permissions, approval rules on write/destructive tools, and audit logging — instead of handing your agent raw access.

Build a governed Loadout

See also: full server page · setup · alternatives