aws-post-exploit
Audited by Socket on May 4, 2026
3 alerts found:
Malware x3
The provided content is highly malicious and is best classified as a comprehensive AWS persistence/backdoor and defense-evasion guide. It includes explicit credential exfiltration from Lambda environment variables to attacker-controlled C2 endpoints, creation of backdoor IAM identities and authentication mechanisms (including MFA/IdP/role trust), and instructions to suppress or delete logs/detections. This should be treated as an extremely dangerous supply-chain/security threat context and not used as part of any legitimate software distribution. Confidence is high because the instructions directly match known persistence/backdoor and evasion patterns.
MALICIOUS. The skill is explicitly designed for unauthorized AWS post-exploitation: stealing data and credentials, moving laterally, creating persistent backdoors, and suppressing detection/logging. Its capabilities, data flows, and stealth guidance are inherently offensive and dangerous for an AI agent.
This fragment is not benign application/library code; it is an explicit attack/exfiltration playbook describing step-by-step procedures to steal sensitive data from multiple AWS services and to sabotage confidentiality using ransomware-like S3 re-encryption. It includes concrete command patterns for permission changes, data export, event-source hijacking, secret harvesting, and OPSEC evasion tactics. High probability of malicious intent; this material should be treated as harmful and not included in a legitimate software supply chain.