From grc-engineer
Reviews pull requests for compliance regressions. Scans code diffs for security and compliance violations, flags issues, and suggests fixes aligned with frameworks like SOC 2, ISO 27001, NIST 800-53.
```bash
npx claudepluginhub rifh2000/claude-grc-engineering --plugin grc-engineer
```
Reviews GitHub/GitLab pull requests specifically for compliance regressions. Shifts compliance "left" into the developer's daily workflow.
Review a PR for SOC 2 compliance:

```bash
node scripts/review-pr.js myorg/infrastructure 42 SOC2
```

Review a PR for ISO 27001:

```bash
node scripts/review-pr.js myorg/infrastructure 42 ISO27001
```

Review a PR with a custom framework:

```bash
node scripts/review-pr.js myorg/infrastructure 42 NIST80053
```
Posts GitHub comments with:
⚠️ **Compliance Warning: SOC 2 CC6.1 - Least Privilege**
This PR introduces an IAM role with `AdministratorAccess`, which violates the Least Privilege principle.
**Issue:** Line 23 in `terraform/iam.tf` assigns full administrative access.
**Suggested Fix:**
```hcl
# Trust policy: controls who may assume the role. It carries no S3 permissions.
# The EC2 service principal is an assumption; use whichever principal runs the app.
resource "aws_iam_role" "app_role" {
  name = "app-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Permissions policy: scoped to the two S3 actions the app needs, on one bucket.
resource "aws_iam_role_policy" "app_role_s3" {
  name = "app-role-s3"
  role = aws_iam_role.app_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:PutObject"]
      Resource = "arn:aws:s3:::my-bucket/*"
    }]
  })
}
```

**Control Reference:** SOC 2 CC6.1, NIST 800-53 AC-6
## Prerequisites
- GitHub repository (owner/repo format)
- PR number
- `GITHUB_TOKEN` environment variable (requires `repo` scope)
- Optional: Framework name (defaults to SOC2)
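As an added example (not the plugin's own `review-pr.js`), here is the core of such a diff scan: it walks a unified diff, tracks the new-file line number, and applies a few narrow least-privilege rules to added lines in Terraform files, producing findings in the shape of the comment above. The sample diff is constructed, and the ISO 27001 control mapping is an assumption.

```javascript
// Added example, not the plugin's own review-pr.js: scan a unified diff for
// least-privilege regressions in Terraform IAM code. SOC 2 / NIST references
// come from the sample comment above; the ISO 27001 mapping is an assumption.
const CONTROLS = { SOC2: "SOC 2 CC6.1", ISO27001: "ISO 27001 A.8.2", NIST80053: "NIST 800-53 AC-6" };

// Each rule is checked against added lines only; patterns are deliberately narrow (HCL syntax).
const RULES = [
  { id: "admin-access", pattern: /policy\/AdministratorAccess/, message: "attaches the AdministratorAccess managed policy" },
  { id: "wildcard-action", pattern: /Action\s*=\s*\[?\s*"\*"/, message: 'allows every IAM action (Action = "*")' },
  { id: "wildcard-resource", pattern: /Resource\s*=\s*\[?\s*"\*"/, message: 'applies to every resource (Resource = "*")' },
];

// Walk the diff, tracking the current file and the line number in the new
// version of the file so each finding can cite file:line like the comment above.
function findComplianceRegressions(diff, framework = "SOC2") {
  const control = CONTROLS[framework] || CONTROLS.SOC2;
  const findings = [];
  let file = null, newLine = 0;
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("--- ") || raw.startsWith("\\")) continue;  // old-file header / "no newline" marker
    if (raw.startsWith("+++ ")) { file = raw.slice(4).replace(/^b\//, ""); continue; }
    const hunk = raw.match(/^@@ -\d+(?:,\d+)? \+(\d+)/);
    if (hunk) { newLine = Number(hunk[1]); continue; }
    if (raw.startsWith("-")) continue;                               // removed line: no new-file number
    if (raw.startsWith("+") && file && file.endsWith(".tf")) {
      for (const rule of RULES) {
        if (rule.pattern.test(raw.slice(1))) {
          findings.push({ rule: rule.id, file, line: newLine, control,
            message: `Line ${newLine} in \`${file}\` ${rule.message}.` });
        }
      }
    }
    newLine += 1;                                                    // context and added lines both advance
  }
  return findings;
}

// Constructed sample diff: a PR that swaps a scoped policy attachment for AdministratorAccess.
const SAMPLE_DIFF = [
  "--- a/terraform/iam.tf",
  "+++ b/terraform/iam.tf",
  "@@ -21,4 +21,5 @@",
  ' resource "aws_iam_role_policy_attachment" "app_admin" {',
  "   role       = aws_iam_role.app_role.name",
  "-  policy_arn = aws_iam_policy.app_s3.arn",
  '+  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"',
  "+  # TODO: scope this down",
  " }",
].join("\n");
```

Running `findComplianceRegressions(SAMPLE_DIFF, "SOC2")` yields one finding at line 23 of `terraform/iam.tf` tagged SOC 2 CC6.1; removed lines and non-Terraform files are ignored.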