security-compliance-compliance-check
Regulatory Compliance Assistant
This skill helps developers and security teams assess compliance readiness for GDPR, HIPAA, SOC2, and PCI-DSS with actionable implementation guidance and audit support.
Download the skill ZIP
Upload to Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Test it
Using "security-compliance-compliance-check". Help me understand the key requirements for GDPR compliance
Expected result:
GDPR compliance requires addressing several core areas:
1. Lawful Basis for Processing - Document your legal basis (consent, contract, legitimate interest)
2. Data Subject Rights - Implement processes for access, rectification, erasure, portability
3. Data Protection by Design - Include privacy from the start of any new system
4. Data Breach Procedures - 72-hour notification process to authorities
5. DPIA Requirements - Data Protection Impact Assessments for high-risk processing
Key evidence needed: Privacy policy, consent records, data processing agreements, breach log, DPIA documentation
Using "security-compliance-compliance-check". What are the SOC2 Trust Principles I need to implement?
Expected result:
SOC2 Trust Principles fall into two categories:
**Common Criteria (Mandatory)**:
- Security (CC1-CC9): Access controls, encryption, monitoring
- Availability (A1): Uptime guarantees, disaster recovery
**Optional Principles**:
- Processing Integrity: Accuracy of data processing
- Confidentiality: Handling of sensitive data
- Privacy: PII protection practices
Each principle has specific controls mapped to them. The Security principle is required for all audits.
Security Audit
Safe
This skill is a legitimate regulatory compliance assistant. All static findings are false positives: code fence markers (```) were incorrectly flagged as command execution, SOC2 (compliance framework) was flagged as C2, strong TLS cipher configurations were flagged as weak crypto, and the word 'audit' triggered system reconnaissance alerts. No actual malicious behavior or prompt injection attempts detected.
What You Can Build
Initial Compliance Assessment
Evaluate current system architecture and data flows against applicable regulatory requirements to identify gaps and prioritize remediation efforts.
Control Implementation Guide
Receive actionable code examples and configuration guidance for implementing specific compliance controls like encryption, access logging, and data masking.
Audit Documentation Generator
Generate policy templates, audit trail configurations, and evidence collection procedures for upcoming compliance assessments.
Try These Prompts
- Help me understand the key requirements for {regulation} compliance. What are the main control categories and what evidence do I need to provide for an audit?
- My application processes {data_types} and serves {user_locations}. What regulations apply and what are the specific gaps I need to address for {target_compliance}?
- I need to implement {control_type} for {regulation} compliance. Show me code examples for {specific_requirement} including logging and monitoring.
- I have a {regulation} audit in {timeframe}. What documentation do I need, what evidence should I prepare, and what are the common findings I should address first?
Best Practices
- Map data flows completely before starting compliance work to understand what regulations apply
- Start with the most critical controls (access control, encryption, logging) before addressing administrative requirements
- Document all compliance decisions with rationale to build audit evidence over time
Avoid
- Claiming compliance without formal assessment - this skill helps but does not replace certified auditors
- Treating compliance as a one-time project instead of continuous maintenance
- Focusing only on technical controls and ignoring administrative and physical safeguards
Frequently Asked Questions
Can this skill guarantee my company will pass a compliance audit?
Which regulations does this skill cover?
Does this skill provide legal advice?
How do I know which regulations apply to my business?
Can this skill help with ongoing compliance maintenance?
What evidence should I prepare for a compliance audit?
Developer Details
Author
sickn33
License
MIT
Repository
https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/security-compliance-compliance-check
Reference
main
File structure