AWS MCP Server
v0.2.4
Verified
AWS services integration. WARNING: Credential exposure risk - stores AWS credentials in plaintext logs.
By CommunityMIT
typescript
developer tools
2.1Kstars
52.0Kdownloads
285forks
Scanned Feb 8, 2026
D38%
Scanned 3w ago
Poor Security
Vulnerabilities Found
2Crit
3High
3Med
3Low
4Info
Security ScoreD
38
out of 100
Vulnerabilities Found
2
Crit
3
High
3
Medi
3
Low
4
Info
Last scanned: 2/8/2026
Quality ScoreF
55
out of 100
55
Maint.
57
Popular
60
Docs
58
Compat
Maintenance55%
Popularity57%
Documentation60%
Compatibility58%
Maintenance55
Recent
11 days agoCommit Frequency56%
Release Frequency55%
Issue Response55%
Popularity57
2.1K
Stars
52.0K
Downloads
285
Forks
Stars Score60%
Downloads Score76%
Forks Score64%
Documentation60
README Quality82%
Available Documentation
API DocsExamplesChangelog
Compatibility58
MCP Spec Compliance60%
Transport Support50%
Features
TypeScript
Supported Transports
STDIO
Vulnerabilities(15)
2Critical
3High
3Medium
3Low
4Info
Filter:
READMEAWS MCP Server
AWS MCP Server
⚠️ SECURITY WARNING: CREDENTIAL EXPOSURE ⚠️
Issue
Debug logging inadvertently exposes AWS credentials in plaintext.
Details
When debug mode is enabled (which is the default), the server logs:
- AWS Access Key IDs
- AWS Secret Access Keys
- Session tokens
These logs may be:
- Written to disk
- Sent to logging services
- Visible in terminal history
CVSS: 7.5 (High)
Mitigation
- Disable debug logging in production
- Clear existing logs
- Rotate AWS credentials
- Use IAM roles instead of static credentials
Fix Status
A PR has been submitted but not yet merged.
Embed Security Badge
Add this badge to your README or documentation
[](https://mcpsafe.org/registry/aws-mcp-server-vuln)Need more customization options?Badge Documentation
Server Information
- Source
- NPM
- Package
- aws-mcp-server
- Version
- 0.2.4
- Language
- typescript
- License
- MIT
- Transport
- STDIO
- Added
- Jan 20, 2026
- Updated
- Feb 8, 2026