Hands-on guidance for AI-accelerated AWS development using AWS MCP Servers. Learn to leverage AI coding assistants to enhance your development workflows with AWS best practices.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"guidance-for-vibe-coding-with-aws-mcp-servers": {
"args": [
"-y",
"pnpm"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
This Guidance demonstrates how to build AI-powered development workflows using Amazon Bedrock AgentCore and the Model Context Protocol (MCP). It provides a complete, deployable hotel booking agent system that showcases "vibe coding" techniques - an AI-assisted development approach that accelerates software development through intelligent code generation, discovery, and problem-solving.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'pnpm' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
pnpm has Path Traversal via arbitrary file permission modification
### Summary When pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. **Note:** Only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). ### Details Vulnerable code in `pkg-manager/package-bins/src
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
### Summary A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../evil` to redirect extracted files outsid
pnpm has Windows-specific tarball Path Traversal
### Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. On Windows, backslashes are directory separators, enabling path traversal. **This vulnerability is Windows-only.** ### Details **1. Incomplete Path Normalization (`store/cafs/src/parseTarball.ts:107-110`)** ```typescript if (fileName.includes('./')) { fileName = path.posix.join('/'
pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin
### Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. ### Details The vulnerability exists in the bin name validation and normalization logic: **1. Validation Bypass (`pkg-manager/package-bins/src/index.ts`)** The filter allows any bin name starting wit
pnpm has symlink traversal in file:/git dependencies
### Summary When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents into `node_modules`, leaking local data. **Preconditions:** Only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks stripped during publish and are NOT affe
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in cloud / developer-tools
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
MCP Security Weekly
Get CVE alerts and security updates for Guidance For Vibe Coding With Aws Mcp Servers and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
This Guidance demonstrates how to build AI-powered development workflows using Amazon Bedrock AgentCore and the Model Context Protocol (MCP). It provides a complete, deployable hotel booking agent system that showcases "vibe coding" techniques - an AI-assisted development approach that accelerates software development through intelligent code generation, discovery, and problem-solving.
The Guidance is designed as an interactive workshop where participants learn to:
Participants deploy a realistic hotel booking agent using Amazon Bedrock AgentCore and gain hands-on experience with AI development tools including Kiro, Amazon Q, and AWS MCP Servers. The skills learned can be immediately applied to production projects and shared across development teams.
This workshop leverages AWS MCP Servers, specialized MCP servers that enhance foundation model capabilities through the Model Context Protocol (MCP). MCP is an open protocol that enables seamless integration between LLM applications and external data sources and tools.
The workshop demonstrates these capabilities across three practical scenarios:
The solution implements a multi-tier architecture combining Amazon Bedrock AgentCore with serverless AWS services:



Architecture Flow: