Cloud IAM Deep
Chains cloud IAM attacks across AWS, Azure, and GCP to map privilege escalation.
Test report
- Verdict
- Works with setup
- Score
- Tested
- Jul 13, 2026
- Environment
- Claude Code 2.x (agent harness)
- Upstream re-checked
- Jul 19, 2026 · 19aba18
Tested defensively as an AWS IAM audit aid on an inline policy with a planted iam:CreateAccessKey + iam:ListUsers on Resource:"*" privilege-escalation misconfiguration (no live cloud, no real credentials, no offensive tooling run). Verbatim single-skill copy install is clean: one self-contained SKILL.md, strict-YAML frontmatter, no broken references. In the A/B the skill correctly flagged the planted privesc as Critical with a scoped least-privilege fix, but the base arm (no skill) caught the exact same escalation chain and remediation and even added one secondary finding the skill missed, so the skill showed no measurable output lift on this defensive task.
Scored on four weighted criteria — install, triggering, output vs. baseline, docs. How scoring works
- Installs cleanly 5/5
- Triggers reliably 4/5
- Output vs. baseline 5/10
- Docs & honesty 4/5
What Cloud IAM Deep does
Cloud IAM red-team attack chain across AWS, Azure, GCP — focused on EXTERNAL exploitation paths and post-credential-discovery privilege analysis. Covers IAM enumeration (aws iam, az role, gcloud iam), STS/AssumeRole chaining, Azure Managed Identity abuse (via SSRF/leak), GCP service account JSON abuse, IMDSv1/v2 attacks via SSRF, K8s ServiceAccount token privilege analysis once held (token…
How to install Cloud IAM Deep
git clone https://github.com/elementalsouls/Claude-BugHunter
cd Claude-BugHunter
mkdir -p ~/.claude/skills
cp -r skills/cloud-iam-deep ~/.claude/skills/cloud-iam-deep
Skills live in ~/.claude/skills/ (global) or .claude/skills/
(per-project). Restart Claude Code after installing.
Commands — how to trigger Cloud IAM Deep
-
/cloud-iam-deepChains cloud IAM attacks across AWS, Azure, and GCP to map privilege escalation.
It also activates on plain-language prompts like these:
-
Enumerate IAM roles and find privilege escalation paths -
Chain an AssumeRole attack across these AWS accounts -
Test this GCP service account for privilege abuse
Frequently asked questions
- Is the Cloud IAM Deep skill free?
- Yes. The skill itself is free from elementalsouls/Claude-BugHunter. SkillProof publishes the install command and an independent test verdict at no cost.
- Does Cloud IAM Deep work with Claude Code?
- We tested it with Claude Code 2.x (agent harness) on Jul 13, 2026. Verdict: Works with setup. Tested defensively as an AWS IAM audit aid on an inline policy with a planted iam:CreateAccessKey + iam:ListUsers on Resource:"*" privilege-escalation misconfiguration (no live cloud, no real credentials, no offensive tooling run). Verbatim single-skill copy install is clean: one self-contained SKILL.md, strict-YAML frontmatter, no broken references. In the A/B the skill correctly flagged the planted privesc as Critical with a scoped least-privilege fix, but the base arm (no skill) caught the exact same escalation chain and remediation and even added one secondary finding the skill missed, so the skill showed no measurable output lift on this defensive task.
- What is the Cloud IAM Deep SkillProof Score?
- 7.2/10 — installs cleanly 5/5, triggers reliably 4/5, output vs. baseline 5/10, docs & honesty 4/5.
- How do I install Cloud IAM Deep?
- Copy the install command from this page, run it in your terminal, and restart Claude Code. Skills live in ~/.claude/skills/ (global) or .claude/skills/ inside a project.
- Can I use Cloud IAM Deep with Cursor, Copilot, Gemini CLI, Codex or other AI tools?
- The SKILL.md format is native to Claude (Claude Code, Desktop, claude.ai). The instructions inside adapt to other assistants: Cursor rules, GitHub Copilot instructions, Windsurf rules, Custom GPTs, AGENTS.md for OpenAI Codex, and GEMINI.md for Google Gemini CLI — our conversion guides cover each, and the free converter on the tools page does the wrapping for you.