cloud-iam-audit

Fail

Audited by Socket on Apr 22, 2026

3 alerts found:

Security, Malware x2

Security MEDIUM
SKILL.md

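This skill is not an ordinary cloud audit guide but a multi-cloud credential exploitation and privilege escalation manual aimed at AI agents; its capabilities include privilege escalation, cross-account attacks, backdoor key creation, and log evasion, which is out of proportion to a defensive "audit" purpose. The CLI sources are largely official, but the skill as a whole should still be rated high risk and directly usable for offensive cloud intrusion.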

Confidence: 95%, Severity: 94%

Malware HIGH
references/tencent-cam-escalation.md

This fragment is strongly indicative of malicious cloud attack tradecraft: it provides an end-to-end procedure to escalate privileges in Tencent Cloud (CAM/STS/SCF), deploy/elevate attacker-controlled serverless code that harvests credentials from a metadata endpoint, tamper with trust policies, create persistent backdoor access keys, and steal sensitive data from COS (plus enumerate KMS/SSL materials). Even though it is not normal dependency source code, it is actionable and high risk; it should be treated as hostile content and not included or executed in any supply-chain context.

Confidence: 90%, Severity: 100%

Malware HIGH
references/aws-escalation.md

This document is a high-risk, malicious guide for AWS privilege escalation and credential harvesting. It contains multiple explicit, actionable techniques to obtain or escalate to Administrator-level privileges (CreatePolicyVersion, PassRole abuses, sts:AssumeRole, EC2 IMDS retrieval), and includes advice to avoid detection. Treat this content as hostile/malicious: do not execute these commands in your environment and investigate any presence of such scripts/notes in repositories or systems. Remediation: audit IAM permissions to remove overly broad rights (e.g., prevent iam:CreatePolicyVersion, limit iam:PassRole, restrict sts:AssumeRole trust relationships), enable CloudTrail everywhere, enable GuardDuty, rotate compromised credentials, and remove any backdoors.

Confidence: 90%, Severity: 95%

Audit Metadata

Analyzed At: Apr 22, 2026, 10:10 AM
Package URL: pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fcloud-iam-audit%2F@42334992e9f94c6b0ade9da0bd857f878fbacd9a