Skill Trust Index / detail

SnailSploit/Claude-Red/offensive-cloud

Score: 46 (dangerous), analyzed 2h ago
WHY THIS SCORE

Claims

Cloud security attack methodology covering AWS, Azure, and GCP. Includes credential harvesting, enumeration, privilege escalation, persistence, data exfiltration, lateral movement, serverless attacks, Kubernetes paths, and CSPM evasion.

Actual behavior

The skill acts as a static reference guide (manifest) containing documentation and shell command snippets for cloud offensive security. It lists specific tools (Pacu, ScoutSuite, etc.) and commands (aws sts, az account, curl) but does not execute them autonomously. It documents risks (SSRF, IMDSv2) and defenses (log validation, GuardDuty mute) rather than performing them.

Findings

medium raw_ip_net — connects to a raw IP address
MDSv1 (legacy) curl http://169.254.169.254/latest/meta-data/ia
medium raw_ip_net — connects to a raw IP address
OKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
medium raw_ip_net — connects to a raw IP address
-token: $TOKEN" \ http://169.254.169.254/latest/meta-data/ia
medium raw_ip_net — connects to a raw IP address
Metadata:true" \ "http://169.254.169.254/metadata/identity/o

Attestation

signer 0xB62e1c338a83D3a6621f9127eEa5B000caCfCd01
digest 0x63f59cc7b373d3d8ffa5e8f92438bf9e4e4b463e686d32ad4c306fbf16637b30
verify: GET /skill/verify?digest=…&signature=… · scheme eip191-sha256
