aws-iam-privesc

Fail

Audited by Socket on May 4, 2026

4 alerts found:

Malware x3, Security

Malware: HIGH
references/iam-sts-privesc.md

This fragment is not a software library implementation; it is an explicit AWS privilege-escalation/intrusion playbook targeting IAM/STS/Organizations/SSO/Cognito. It directly instructs how to change authorization policies, trust relationships, and identity provider configuration, and includes example passwords—indicative of malicious intent. If present in a dependency or published artifact, it should be treated as a serious security supply-chain risk.

Confidence: 90%, Severity: 95%

Malware: HIGH
references/service-privesc.md

The provided content is an offensive AWS privilege-escalation/exploitation playbook with explicit, actionable commands (SSM remote execution/persistence, instance metadata credential theft, S3/CloudFormation deployment tampering, KMS/SecretsManager policy abuse, ECR supply-chain/image hijacking). It is highly likely to be malicious or at minimum directly weaponizable. No benign library behavior is present in this fragment.

Confidence: 90%, Severity: 90%

Security: MEDIUM
SKILL.md

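The skill's stated purpose is highly consistent with its actual content, but that purpose is itself to give AI agents AWS privilege-escalation, credential-theft and lateral-movement capabilities. The installation source is not the main issue; the core risk lies in its offensive capabilities, its examples of exfiltrating real credentials, its high-impact operations on cloud resources, and its guidance on evading detection and cleaning up traces. It should be classified as a high-risk offensive skill that can be abused for intrusion and privilege escalation, not as an ordinary development or operations helper skill.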

Confidence: 94%, Severity: 94%

Malware: HIGH
references/compute-privesc.md

This content is a clearly malicious AWS privilege-escalation and credential-theft/exfiltration playbook. It instructs attackers to use iam:PassRole and related service APIs to deploy attacker-controlled payloads into high-privilege execution contexts, then steal temporary credentials from metadata endpoints or runtime environment variables, and exfiltrate them via reverse shells or webhooks. If found inside any software supply chain artifact, it should be treated as a severe compromise/weaponization indicator rather than a legitimate dependency.

Confidence: 87%, Severity: 100%

Audit Metadata
Analyzed At: May 4, 2026, 08:20 AM
Package URL: pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Faws-iam-privesc%2F@a10918c8818df8c3953a58b5f47c693ae8345226