MCP Hub

compliance-auditor

majiayu000
Updated: Yesterday
Tags: design, automation

About

The compliance-auditor skill automates auditing and monitoring against major frameworks such as SOC2, HIPAA, GDPR and PCI-DSS. Use it to run compliance checks, implement controls, generate reports and prepare for external audits. It evaluates controls against the criteria of a given framework using the Read, Write, Edit, Bash, Grep and Glob tools.

Quick install

Claude Code

Plugin command (recommended)
/plugin add https://github.com/majiayu000/claude-skill-registry
Git clone (alternative)
git clone https://github.com/majiayu000/claude-skill-registry.git ~/.claude/skills/compliance-auditor

Copy and paste this command into Claude Code to install the skill. Note that the git clone alternative fetches the whole registry repository; this skill's files live under skills/compliance-auditor inside it.

Documentation

Compliance Auditor

Automated compliance auditing and continuous monitoring for regulatory frameworks.

When to Use

  • Running SOC2, HIPAA, GDPR, or PCI-DSS audits
  • Implementing compliance controls
  • Generating compliance reports
  • Monitoring compliance posture
  • Preparing for external audits

Compliance Frameworks

SOC2 Type II

Trust Services Criteria:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

HIPAA

Key Requirements:

  • PHI protection
  • Access controls
  • Audit logging
  • Encryption (at rest and in transit)
  • Business Associate Agreements

GDPR

Key Requirements:

  • PII identification and protection
  • Consent management
  • Data subject rights
  • Data retention policies
  • Cross-border transfer controls

PCI-DSS

Requirements:

  • Cardholder data protection
  • Network segmentation
  • Encryption
  • Access controls
  • Regular security testing

Automated Compliance Checks

# Compliance scanner: grep-style checks over a codebase plus checks against a snapshot
# of observed settings. Finding, ComplianceReport and the detect_*/verify_* helpers
# were left undefined in the original sketch and are filled in here.
import re
from dataclasses import dataclass, field
from pathlib import Path

@dataclass
class Finding:
    severity: str
    issue: str
    control: str = ''        # SOC2 Trust Services Criteria reference
    requirement: str = ''    # HIPAA Security Rule citation
    locations: list = field(default_factory=list)

@dataclass
class ComplianceReport:
    framework: str
    score: int
    findings: list

SEVERITY_WEIGHT = {'CRITICAL': 40, 'HIGH': 20, 'MEDIUM': 10, 'LOW': 5}

# Literal credentials assigned to secret-looking names, and AWS access key IDs
SECRET_PATTERNS = [
    re.compile(r'(?i)\b(password|passwd|secret|api_key|apikey|token)\s*[=:]\s*["\'][^"\']{8,}["\']'),
    re.compile(r'\bAKIA[0-9A-Z]{16}\b'),
]
# PHI markers (SSN format or identifier field names) and the logging calls they must not appear in
PHI_PATTERNS = [re.compile(r'\b\d{3}-\d{2}-\d{4}\b'), re.compile(r'(?i)\b(ssn|mrn|dob|diagnosis)\b')]
LOG_CALL = re.compile(r'\b(log(ger|ging)?\.(debug|info|warning|error|critical)|console\.log|print)\s*\(')

class ComplianceScanner:
    def __init__(self, settings: dict):
        # Observed settings, e.g. {'encryption_at_rest': True, 'audit_logging': False}
        self.settings = settings

    def _grep(self, codebase_path: str, patterns, require=None) -> list:
        """Return 'file:line' for each line matching any pattern (and `require`, if given)."""
        hits = []
        for path in sorted(Path(codebase_path).rglob('*')):
            if not path.is_file() or '.git' in path.parts:
                continue
            for lineno, line in enumerate(path.read_text(errors='ignore').splitlines(), 1):
                if require is not None and not require.search(line):
                    continue
                if any(p.search(line) for p in patterns):
                    hits.append(f'{path}:{lineno}')
        return hits

    def detect_secrets(self, codebase_path: str) -> list:
        return self._grep(codebase_path, SECRET_PATTERNS)

    def detect_phi_in_logs(self, codebase_path: str) -> list:
        return self._grep(codebase_path, PHI_PATTERNS, require=LOG_CALL)

    def verify_encryption_at_rest(self) -> bool:
        return self.settings.get('encryption_at_rest') is True

    def verify_audit_logging(self) -> bool:
        return self.settings.get('audit_logging') is True

    def verify_hipaa_encryption(self) -> bool:
        return self.verify_encryption_at_rest()

    def calculate_score(self, findings: list) -> int:
        # 100 minus a weighted deduction per finding, floored at 0
        return max(0, 100 - sum(SEVERITY_WEIGHT.get(f.severity, 0) for f in findings))

    def scan_soc2(self, codebase_path: str) -> ComplianceReport:
        findings = []

        # Check for hardcoded secrets
        secrets = self.detect_secrets(codebase_path)
        if secrets:
            findings.append(Finding(
                severity='CRITICAL',
                control='CC6.1 - Logical Access',
                issue='Hardcoded credentials found',
                locations=secrets
            ))

        # Check encryption at rest (a CC6.1 point of focus; CC6.7 covers transmission and removal)
        if not self.verify_encryption_at_rest():
            findings.append(Finding(
                severity='HIGH',
                control='CC6.1 - Logical Access (encryption at rest)',
                issue='Encryption at rest not enabled'
            ))

        # Check audit logging
        if not self.verify_audit_logging():
            findings.append(Finding(
                severity='HIGH',
                control='CC7.2 - Monitoring',
                issue='Insufficient audit logging'
            ))

        return ComplianceReport(
            framework='SOC2',
            score=self.calculate_score(findings),
            findings=findings
        )

    def scan_hipaa(self, codebase_path: str) -> ComplianceReport:
        findings = []

        # Detect PHI in logs
        phi_exposure = self.detect_phi_in_logs(codebase_path)
        if phi_exposure:
            findings.append(Finding(
                severity='CRITICAL',
                requirement='§164.308(a)(1)(ii)(D) - Information System Activity Review',
                issue='PHI exposed in application logs',
                locations=phi_exposure
            ))

        # Check encryption
        if not self.verify_hipaa_encryption():
            findings.append(Finding(
                severity='CRITICAL',
                requirement='§164.312(a)(2)(iv) - Encryption and Decryption',
                issue='PHI not encrypted at rest'
            ))

        return ComplianceReport(
            framework='HIPAA',
            score=self.calculate_score(findings),
            findings=findings
        )

Compliance Controls Implementation

# Infrastructure as Code - Compliance controls
compliance_controls:
  soc2:
    access_control:
      - mfa_required: true
      - password_policy:
          min_length: 12
          require_uppercase: true
          require_numbers: true
          require_symbols: true
      - session_timeout: 900  # 15 minutes
    
    encryption:
      - data_at_rest: AES-256
      - data_in_transit: TLS 1.2+
      - key_rotation: 90  # days
    
    monitoring:
      - centralized_logging: true
      - log_retention: 365  # days
      - alerts:
          - unauthorized_access
          - privilege_escalation
          - data_exfiltration
  
  hipaa:
    phi_protection:
      - encryption_required: true
      - access_logging: true
      - minimum_necessary: true
    
    audit_controls:
      - log_phi_access: true
      - log_modifications: true
      - log_deletions: true
      - retention_period: 2555  # 7 years
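A controls file like the one above only earns its keep when something compares it against what is actually configured. The following is an added example, not code from the skill or the registry: it mirrors the soc2 block as a Python dict (in practice you would yaml.safe_load the file and merge each list of single-key maps into one dict; it is embedded here so the example runs without PyYAML), walks it against a constructed snapshot of observed settings (the OBSERVED_SNAPSHOT values are hypothetical), and returns a non-zero exit code when CRITICAL or HIGH drift exists so a CI stage fails. The comparator table and severities are this example's assumptions: "TLS 1.2+" is read as a minimum version, min_length and log_retention as minimums, and session_timeout and key_rotation as maximums.

```python
"""Policy-as-code drift check: expected SOC2 controls vs. an observed snapshot."""
import re

# Expected controls, mirroring compliance_controls.soc2 from the YAML above
EXPECTED_SOC2 = {
    'access_control': {
        'mfa_required': True,
        'password_policy': {'min_length': 12, 'require_uppercase': True,
                            'require_numbers': True, 'require_symbols': True},
        'session_timeout': 900,
    },
    'encryption': {'data_at_rest': 'AES-256', 'data_in_transit': 'TLS 1.2+', 'key_rotation': 90},
    'monitoring': {'centralized_logging': True, 'log_retention': 365},
}

# How each leaf is compared (assumed mapping, not from the skill):
# 'ge' observed >= expected, 'le' observed <= expected, 'true' must be True,
# 'tls' observed TLS version >= the stated minimum, 'eq' exact match.
COMPARATORS = {
    'min_length': ('ge', 'MEDIUM'),
    'session_timeout': ('le', 'MEDIUM'),
    'key_rotation': ('le', 'MEDIUM'),
    'log_retention': ('ge', 'HIGH'),
    'mfa_required': ('true', 'CRITICAL'),
    'centralized_logging': ('true', 'HIGH'),
    'data_at_rest': ('eq', 'CRITICAL'),
    'data_in_transit': ('tls', 'CRITICAL'),
}
DEFAULT_COMPARATOR = ('eq', 'MEDIUM')  # require_uppercase and friends

def _tls_version(value):
    """'TLS 1.2+' -> (1, 2); anything unparseable sorts below every real version."""
    m = re.search(r'TLS\s*(\d+)\.(\d+)', str(value))
    return (int(m.group(1)), int(m.group(2))) if m else (0, 0)

def _satisfied(kind, expected, observed):
    if observed is None:          # control not configured at all is always a failure
        return False
    if kind == 'ge':
        return observed >= expected
    if kind == 'le':
        return observed <= expected
    if kind == 'true':
        return observed is True
    if kind == 'tls':
        return _tls_version(observed) >= _tls_version(expected)
    return observed == expected

def check_drift(expected, observed, prefix=''):
    """Walk the expected control tree; return (path, severity, expected, observed)
    for every leaf the observed snapshot fails, in tree order."""
    findings = []
    for key, exp in expected.items():
        path = f'{prefix}{key}'
        obs = observed.get(key) if isinstance(observed, dict) else None
        if isinstance(exp, dict):
            findings.extend(check_drift(exp, obs or {}, path + '.'))
            continue
        kind, severity = COMPARATORS.get(key, DEFAULT_COMPARATOR)
        if not _satisfied(kind, exp, obs):
            findings.append((path, severity, exp, obs))
    return findings

def ci_exit_code(findings):
    """1 when any CRITICAL or HIGH drift exists, so the pipeline stage fails."""
    return 1 if any(sev in ('CRITICAL', 'HIGH') for _, sev, _, _ in findings) else 0

# Constructed snapshot of what an account actually has configured (hypothetical values)
OBSERVED_SNAPSHOT = {
    'access_control': {
        'mfa_required': False,
        'password_policy': {'min_length': 8, 'require_uppercase': True,
                            'require_numbers': True, 'require_symbols': False},
        'session_timeout': 3600,
    },
    'encryption': {'data_at_rest': 'AES-256', 'data_in_transit': 'TLS 1.0', 'key_rotation': 365},
    'monitoring': {'centralized_logging': True},   # log_retention never set
}

if __name__ == '__main__':
    drift = check_drift(EXPECTED_SOC2, OBSERVED_SNAPSHOT)
    for path, sev, exp, obs in drift:
        print(f'[{sev}] {path}: expected {exp!r}, observed {obs!r}')
    raise SystemExit(ci_exit_code(drift))
```

Against the constructed snapshot this reports seven drifts (missing MFA, weak password length and symbols, a 60-minute session, TLS 1.0, yearly key rotation and no retention setting) and exits 1. Treating an absent setting as a failure rather than skipping it is deliberate: a control that is not configured is the case an auditor will ask about first.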

Best Practices

  • ✅ Run compliance scans at least weekly
  • ✅ Automate compliance checks in CI/CD
  • ✅ Collect and retain compliance evidence automatically
  • ✅ Provide regular security training for the team
  • ✅ Document all compliance controls
  • ✅ Conduct annual risk assessments

Related Skills

  • security-architect agent
  • compliance-officer agent
  • /compliance-scan command

GitHub repository

majiayu000/claude-skill-registry
Path: skills/compliance-auditor
