From grc-engineer
Generates CLI commands and API scripts to collect point-in-time evidence for audit controls. Automates evidence gathering from cloud providers (AWS, Azure, GCP) and outputs formatted reports.
How this skill is triggered — by the user, by Claude, or both
Slash command
/grc-engineer:evidence-artifact-collectorThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Generates scripts to collect audit evidence from cloud infrastructure. Automates the most labor-intensive part of compliance - evidence gathering.
Generates scripts to collect audit evidence from cloud infrastructure. Automates the most labor-intensive part of compliance - evidence gathering.
Generate AWS evidence script:
node plugins/grc-engineer/scripts/collect-evidence.js "MFA for all root users" aws
Generate Azure evidence script:
node plugins/grc-engineer/scripts/collect-evidence.js "All storage accounts encrypted" azure
Generate GCP evidence script:
node plugins/grc-engineer/scripts/collect-evidence.js "IAM bindings audit" gcp
#!/usr/bin/env python3
"""
Evidence Collection Script
Control: MFA for all root users
Provider: AWS
Generated: 2025-01-15T10:30:00Z
"""
import boto3
import json
from datetime import datetime
iam = boto3.client('iam')
def collect_mfa_evidence():
"""Collect evidence for MFA requirement on root users."""
evidence = {
"control": "MFA for all root users",
"timestamp": datetime.utcnow().isoformat(),
"results": []
}
# Get account summary
summary = iam.get_account_summary()
mfa_enabled = summary['SummaryMap'].get('AccountMFAEnabled', 0)
evidence["results"].append({
"check": "Root account MFA status",
"status": "PASS" if mfa_enabled == 1 else "FAIL",
"details": f"MFA Enabled: {mfa_enabled == 1}"
})
return evidence
if __name__ == "__main__":
result = collect_mfa_evidence()
print(json.dumps(result, indent=2))
npx claudepluginhub vantainc/claude-grc-engineering --plugin grc-engineerGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.
4plugins reuse this skill
First indexed Jul 18, 2026