Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From grc-engineer
Generates CLI commands and API scripts to collect point-in-time audit evidence from AWS, Azure, GCP, Kubernetes, and Terraform. Outputs formatted reports for compliance controls.
How this skill is triggered — by the user, by Claude, or both
Slash command
/grc-engineer:evidence-artifact-collectorThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Generates scripts to collect audit evidence from cloud infrastructure. Automates the most labor-intensive part of compliance - evidence gathering.
Generates scripts to collect audit evidence from cloud infrastructure. Automates the most labor-intensive part of compliance - evidence gathering.
Generate AWS evidence script:
node scripts/collect-evidence.js "MFA for all root users" aws
Generate Azure evidence script:
node scripts/collect-evidence.js "All storage accounts encrypted" azure
Generate GCP evidence script:
node scripts/collect-evidence.js "IAM bindings audit" gcp
#!/usr/bin/env python3
"""
Evidence Collection Script
Control: MFA for all root users
Provider: AWS
Generated: 2025-01-15T10:30:00Z
"""
import boto3
import json
from datetime import datetime
iam = boto3.client('iam')
def collect_mfa_evidence():
"""Collect evidence for MFA requirement on root users."""
evidence = {
"control": "MFA for all root users",
"timestamp": datetime.utcnow().isoformat(),
"results": []
}
# Get account summary
summary = iam.get_account_summary()
mfa_enabled = summary['SummaryMap'].get('AccountMFAEnabled', 0)
evidence["results"].append({
"check": "Root account MFA status",
"status": "PASS" if mfa_enabled == 1 else "FAIL",
"details": f"MFA Enabled: {mfa_enabled == 1}"
})
return evidence
if __name__ == "__main__":
result = collect_mfa_evidence()
print(json.dumps(result, indent=2))
npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-engineerCollects, organizes, and validates audit evidence for ISO 27001 and SOC 2 using API-first CLI commands. Produces timestamped, auditor-ready evidence packages.
Automates SOC 2 audit prep: assesses Trust Service Criteria controls (CC1-CC9), gathers evidence from docs/logs/IaC, identifies gaps, generates readiness reports.
Maps IaC files (Terraform, Kubernetes, CloudFormation, Pulumi, Ansible) to compliance controls (SOC 2, ISO 27001, NIST 800-53) and generates markdown evidence reports with status and recommendations.