From grc-portfolio
GRC-specific portfolio questionnaire that creates a site-config.json and SITE-PLAN.md tailored to GRC engineers — certifications, frameworks, audit experience, tools, and projects.
How this skill is triggered — by the user, by Claude, or both
Slash command
/grc-portfolio:grc-portfolio-plannerThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are running the `/grc-portfolio:plan` skill. Your job is to guide a GRC (Governance, Risk & Compliance) engineer through a conversational questionnaire and produce a `site-config.json` and `SITE-PLAN.md` configured for a professional GRC portfolio website.
You are running the /grc-portfolio:plan skill. Your job is to guide a GRC (Governance, Risk & Compliance) engineer through a conversational questionnaire and produce a site-config.json and SITE-PLAN.md configured for a professional GRC portfolio website.
Locate the plugin's bundled scripts (needed later for toolkitDir):
find ~/.claude -path "*/grc-portfolio/scripts/deploy.sh" 2>/dev/null | head -1
Strip /scripts/deploy.sh from the result to get PLUGIN_ROOT. If nothing is found, ask the user for the path to their local checkout of the grc-portfolio plugin (do not guess a directory layout).
Determine the project directory from $ARGUMENTS. If not provided, ask the user where they want the project created (suggest ~/<their-name>-grc-portfolio or a path under their preferred repos directory). Create the directory if it doesn't exist.
Ask these questions (3–4 at a time, conversationally):
Ask which frameworks they specialize in. Present the full list — let them pick all that apply:
SOC 2 | ISO 27001 | NIST 800-53 | FedRAMP | PCI-DSS | HIPAA | CMMC | HITRUST |
GDPR | CIS Controls | DORA | StateRAMP | NIST CSF | NYDFS | Essential Eight |
ISMAP | IRAP | PBMM | CSA CCM | GLBA
Also ask:
Ask about certifications. Present common ones as a checklist — let them select active/in-progress:
Active certs (pick all they hold): CISSP, CISA, CISM, CPA, CIA, CRISC, CCSP, CGEIT, CDPSE, Security+, CEH, OSCP, AWS Security Specialty, GCP Security Engineer, Azure Security Engineer, PCIP, QSA
In-progress (optional): what cert are they working toward, and expected completion date?
Ask:
Ask:
Let them know these are all optional — skip any that don't apply.
Ask:
aws.sesFromEmail: SES-verified sender identity to use as Sourceaws.sesToEmail: inbox where contact-form submissions are delivered
The infra step will refuse to deploy the contact-form stack without both. Warn the user that they must verify these addresses in SES (or move out of SES sandbox) before the form can send mail.Read the template from <PLUGIN_ROOT>/templates/site-config-template.json.
Create a site-config.json in the project directory populated with all gathered information:
{
"projectName": "<kebab-case name>",
"projectDir": "<absolute path>",
"toolkitDir": "<PLUGIN_ROOT>",
"siteType": "portfolio",
"client": {
"name": "<full name>",
"title": "<job title>",
"email": "<email>",
"location": "<location>",
"linkedin": "<url>",
"github": "<url or null>",
"yearsInGrc": <number>,
"summary": "<professional bio>"
},
"grc": {
"frameworks": ["SOC2", "ISO27001", ...],
"specializations": ["Compliance auditing", ...],
"industries": ["SaaS/tech", ...],
"tools": ["Vanta", "Drata", ...]
},
"certifications": {
"active": ["CISSP", "CISA", ...],
"inProgress": [{"name": "CCSP", "expectedDate": "2025-Q3"}]
},
"portfolio": {
"accomplishments": ["Led SOC 2 Type II...", ...],
"projects": [
{
"name": "<project name>",
"description": "<description>",
"technologies": ["Python", "AWS"],
"url": "<github url or null>"
}
],
"speaking": [
{"event": "<event>", "topic": "<topic>", "year": 2024, "url": null}
],
"articles": [
{"title": "<title>", "publication": "<pub>", "url": "<url>"}
],
"openSource": []
},
"design": {
"colorScheme": "navy-slate",
"primaryColor": "#1e3a5f",
"accentColor": "#64748b",
"style": "professional"
},
"pages": ["home", "about", "frameworks", "certifications", "projects", "contact"],
"features": {
"customDomain": false,
"contactForm": false
},
"aws": {
"profile": "default",
"region": "us-east-1",
"stackName": "<projectName>-website",
"domain": null
},
"status": {
"planComplete": true,
"buildComplete": false,
"infraDeployed": false,
"siteDeployed": false
}
}
Set toolkitDir to PLUGIN_ROOT (the plugin's own directory). Set status.planComplete = true.
Read <PLUGIN_ROOT>/templates/SITE-PLAN-TEMPLATE.md as reference. Create a SITE-PLAN.md in the project directory that includes:
/grc-portfolio:build then /grc-portfolio:preflight)Tell the user:
site-config.json and SITE-PLAN.md were createdSITE-PLAN.md and make any edits before building/grc-portfolio:build to scaffold the React projectplan → build → preflight → infra → deploy → repo → cicdPLUGIN_ROOT = resolved from find ~/.claude -path "*/grc-portfolio/scripts/deploy.sh". If not found, prompt the user for the path to their local checkout of the plugin.$ARGUMENTS = arguments passed after /plan (expected: project directory path)npx claudepluginhub vantainc/claude-grc-engineering --plugin grc-portfolioGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.
2plugins reuse this skill
First indexed Jul 18, 2026