identity-blast-radius
OfficialQuantify IAM compromise blast radius
Legal & Compliance#risk assessment#iam#blast radius#cloud audit#attack narrative#permission simulation#compliance impact
Authoraurainfosec
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill eliminates guesswork about how bad an IAM identity compromise can be by translating effective permissions into a concrete, risk-ranked blast radius.
Core Features & Use Cases
- Identity-to-permissions mapping: Resolves an IAM principal (role/user/instance profile) and enumerates effective actions across attached and inline policies, including permission boundary and deny constraints.
- Reachability across service categories: Assesses Data, Identity, Detection, Compute, and Network impacts by simulating allowed actions and counting reachable real resources.
- Business impact and risk classification: Converts technical access into real-world consequences and produces a CRITICAL-to-INFORMATIONAL risk level with an auditable narrative.
Quick Start
Ask: Analyze the blast radius of role arn:aws:iam::123456789012:role/app-server-role and report the worst-case business impact and risk level.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: identity-blast-radius Download link: https://github.com/aurainfosec/cloud-review-automation-poc/archive/main.zip#identity-blast-radius Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.