How does the skill detect IAM privilege escalation?

The skill analyzes IAM policy documents for known 'dangerous combinations' of permissions—such as the ability to create new policy versions or pass roles to compute services—which could allow an attacker to gain administrative access.

What AWS permissions are required to use this skill?

You need AWS credentials with read-only IAM access, specifically the iam:GetAccountAuthorizationDetails permission, to allow the skill to download and analyze account policies.

Does this skill require the Cloudsplaining package?

While the core logic uses boto3 for analysis, having the Cloudsplaining Python package installed is optional and can be used for generating enhanced HTML-based visual reports.

Can this be used for continuous security monitoring?

Yes, this skill can be integrated into automated workflows or CI/CD pipelines to regularly audit IAM changes and prevent the introduction of new escalation paths.

AWS IAM Privilege Escalation Detector

Name: AWS IAM Privilege Escalation Detector
Author: mukul975

bymukul975

•

4,120

•

安全与测试

Identifies dangerous AWS IAM privilege escalation paths and least-privilege violations using boto3 and Cloudsplaining analysis.

This skill enables security professionals and developers to proactively secure AWS environments by detecting misconfigurations in Identity and Access Management (IAM) that lead to privilege escalation. By automating the analysis of account authorization details, it flags high-risk permission combinations such as iam:PassRole with lambda:CreateFunction or unauthorized policy versioning. The skill maps relationships between principals and policies, audits wildcard resource usage, and generates a prioritized JSON report with actionable remediation guidance, making it indispensable for threat hunting, incident response, and maintaining security compliance.

主要功能

01Automated scanning of IAM authorization details via boto3

02Mapping of principal-to-policy relationships to visualize attack vectors

03Audit of wildcard resource (*) policies for dangerous actions

044,120 GitHub stars

05Detection of high-risk permission combinations (e.g., iam:PassRole, iam:CreatePolicyVersion)

06Prioritized reporting with severity scores and remediation recommendations

使用场景

01Conducting automated security audits to enforce least-privilege principles across AWS accounts

02Investigating security incidents to identify potential lateral movement and escalation paths

03Validating security monitoring coverage and building custom threat hunting queries

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-aws-iam-privilege-escalation

For use in Claude.ai and ChatGPT

主要功能

01Automated scanning of IAM authorization details via boto3

02Mapping of principal-to-policy relationships to visualize attack vectors

03Audit of wildcard resource (*) policies for dangerous actions

044,120 GitHub stars

05Detection of high-risk permission combinations (e.g., iam:PassRole, iam:CreatePolicyVersion)

06Prioritized reporting with severity scores and remediation recommendations

使用场景

01Conducting automated security audits to enforce least-privilege principles across AWS accounts

02Investigating security incidents to identify potential lateral movement and escalation paths

03Validating security monitoring coverage and building custom threat hunting queries

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-aws-iam-privilege-escalation

For use in Claude.ai and ChatGPT