From trust-center
Build and deploy a production-ready Trust Center for any company. Use this skill whenever someone asks to create a trust center, compliance portal, security page, or wants to publish their SOC 2/SOC 3/ISO 27001/HIPAA/compliance posture publicly. Also triggers when someone mentions gated document access for audit reports, NDA-based document sharing, or wants to replace paid trust center tools like Secureframe, Vanta, Drata, or SafeBase. Even if they just say "I need a place to share my SOC 2 with customers" — that's a trust center. Use this skill.
How this skill is triggered — by the user, by Claude, or both
Slash command
/trust-center:trust-centerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Build a serverless trust center that publishes a company's compliance posture —
references/api-handler.pyreferences/deploy-script.shreferences/frontend-files/index.htmlreferences/frontend-files/package.jsonreferences/frontend-files/src/hooks/useAuth.jsxreferences/frontend-files/src/main.jsxreferences/frontend-files/src/pages/AdminDashboard.jsxreferences/frontend-files/src/pages/LoginPage.jsxreferences/frontend-files/src/pages/TrustCenter.jsxreferences/frontend-files/src/utils/api.jsreferences/frontend-files/vite.config.jsreferences/infrastructure-template.yamlBuild a serverless trust center that publishes a company's compliance posture — certifications, policies, and audit reports — with gated access for sensitive documents.
A fully deployed trust center with:
Monthly cost: ~$5-15/mo for the trust center infrastructure (e-signature provider costs vary).
Follow these steps in order. Each step builds on the previous one.
Ask the user for the following. Be conversational — don't dump all questions at once. Ask 2-3 at a time, then move on.
Required:
For each certification, ask:
Ask about documents:
Ask about NDA / e-signature (optional):
Optional:
If they have a SOC 2 report file, ask them to share it — the skill can extract certification details, control counts, and audit period automatically.
If the user provides a SOC 2 report or other compliance documents:
Read the reference files to generate the code. The order matters:
Read references/infrastructure-template.yaml → Generate infrastructure/template.yaml
Read references/api-handler.py → Generate backend/functions/api_handler.py
Read references/seed-data.md → Generate backend/seed_data.py
Copy frontend files from references/frontend-files/ → Generate the React frontend:
TrustCenter.jsx DEMO_CONFIG and DEMO_DOCUMENTS with the user's dataCopy references/deploy-script.sh → Generate deploy.sh
Generate README.md with company-specific details
The final output should be:
trust-center/
├── README.md
├── deploy.sh # One-command deploy
├── infrastructure/
│ └── template.yaml # CloudFormation (full AWS stack)
├── backend/
│ ├── functions/
│ │ └── api_handler.py # Lambda API
│ └── seed_data.py # Company-specific data population
├── frontend/
│ ├── index.html
│ ├── package.json
│ ├── vite.config.js
│ └── src/
│ ├── main.jsx
│ ├── hooks/useAuth.jsx
│ ├── pages/TrustCenter.jsx
│ ├── pages/AdminDashboard.jsx
│ ├── pages/LoginPage.jsx
│ └── utils/api.js
└── docs/
└── DEPLOYMENT.md # Step-by-step guide
Walk the user through deployment:
aws sts get-caller-identityaws configure get region./deploy.sh --email ADMIN_EMAILIf deploying from Claude Code, run these commands directly.
After deployment, upload the user's actual compliance documents:
DOCS_BUCKET=$(aws cloudformation describe-stacks \
--stack-name trust-center-prod \
--query 'Stacks[0].Outputs[?OutputKey==`DocumentsBucket`].OutputValue' \
--output text)
aws s3 cp SOC2_Report.pdf "s3://$DOCS_BUCKET/documents/SOC2_Report.pdf"
aws s3 cp SOC3_Report.pdf "s3://$DOCS_BUCKET/documents/SOC3_Report.pdf"
# ... etc for each policy document
If the user wants automated NDA signing, guide them through connecting their chosen e-signature provider. See the "NDA Integration" section below for details.
The trust center supports an optional NDA signing step before granting access to gated documents. The backend is designed to be provider-agnostic — it uses environment variables for the API key, URL, and template ID, and a webhook endpoint for completion callbacks.
The user must choose an e-signature provider. Here are the tested options:
DOCUMENT_COMPLETEDcompletedform.completedenvelope-completedAfter choosing, the user needs to:
https://TRUST_CENTER_URL/api/webhook/esignESIGN_PROVIDER: documenso | opensign | docuseal | docusignESIGN_API_KEY: their API keyESIGN_API_URL: provider's API base URLESIGN_NDA_TEMPLATE_ID: the template ID from step 1The backend auto-detects the provider and formats API calls accordingly. If no provider is configured (env vars are empty), the NDA step is skipped and requests go straight to admin review.
After the initial build, users can ask to:
Guides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.
2plugins reuse this skill
First indexed Jul 18, 2026
npx claudepluginhub vantainc/claude-grc-engineering --plugin trust-center