Skip to main content

/

/

Stats

Actions

Tags

Stats

Actions

Tags

ClaudePluginHub

Community directory for discovering and installing Claude Code plugins.

Find plugins for your project

AI-powered recommendations based on your stack.

Product

Browse Plugins
Marketplaces
Pricing
About
Contact

Resources

Learning Center
Blog
Weekly Digest
Claude Code Docs
Plugin Guide
Plugin Reference
Plugin Marketplaces

Community

Browse on GitHub
Get Support

Legal

Terms of Service
Privacy Policy

Browse · Plugins · Top Plugins · Marketplaces · Components · Technologies · Skills · Agents · Commands · Hooks · MCP Servers · LSP Servers · Output Styles · Themes · Monitors

Categories · Productivity · Development · Testing · Deployment · Security · Documentation · Data · Utilities

© 2025 ClaudePluginHub

Community Maintained · Not affiliated with Anthropic

ClaudePluginHub

ClaudePluginHub

Tools Learn Pricing

Search everything...

finding-generator | grc-auditor

Home
Skills
grc-auditor
finding-generator

Skill

finding-generator

From grc-auditor

Generates professional audit findings in Condition-Criteria-Cause-Effect (CCCE) format with severity levels, management letter comments, remediation recommendations, and risk assessments.

Popularity

Parent stars

256

Parent forks

49

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/grc-auditor:finding-generator

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadWrite

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Creates professional audit findings and management letter comments.

SKILL.md

45 lines · ~368 tokens

Stats

LanguageJavaScript

Parent stars256

Parent forks49

MaintenanceGood

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

root-cause-analysis

risk-assessment

remediation-recommendations

management-letter

Stats

LanguageJavaScript

Parent stars256

Parent forks49

MaintenanceGood

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

root-cause-analysis

risk-assessment

remediation-recommendations

management-letter

Finding Generator

Creates professional audit findings and management letter comments.

Capabilities

Finding Documentation: Structures findings per professional standards
Root Cause Analysis: Identifies underlying causes of deficiencies
Risk Assessment: Evaluates finding severity and impact
Remediation Guidance: Provides actionable recommendations

Finding Format (CCCE)

Condition: What was found (the deficiency)
Criteria: What should be (the standard/requirement)
Cause: Why it happened (root cause)
Effect: What could result (risk/impact)

Finding Severity Levels

High: Material weakness, significant deficiency
Medium: Control deficiency with moderate risk
Low: Opportunity for improvement

Output Formats

Formal audit findings with management response sections
Management letter comments
Gap analysis reports
Remediation tracking worksheets

Example Usage

When documenting an access control finding:

Condition: 3 of 25 terminated users retained access for >30 days
Criteria: Policy requires access removal within 24 hours
Cause: Manual termination process lacks HR integration
Effect: Risk of unauthorized access to sensitive data

$

npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-auditor

Similar Skills

audit-remediation-program

86

Guides privacy audit findings remediation: prioritizes by severity (critical, high, medium, low), assigns owners, tracks deadlines, verifies fixes, applies closure criteria, and escalates overdue items.

4 files

privacy-skills-complete

View audit-remediation-program

finding

62

Guides writing structured security findings with title conventions, sections, and severity classification. Helps format standalone vulnerability reports.

8 files

audit

17

Activate for: audit, audit preparation, audit pack, internal audit, external audit, regulatory audit, supervisory visit, audit evidence, audit trail, audit readiness, mock audit, audit findings, audit response, audit remediation, audit committee, board audit, annual audit, ISO audit, surveillance audit, certification audit, regulator visit, FCA visit, BSI audit, PCI audit, SOC 2 audit, audit questionnaire, evidence inventory. NOT for: compliance obligation mapping (use official compliance-tracking auto-skill), vendor evaluation (use official /vendor-review), risk register building (use official risk-assessment auto-skill).

2 files

operations-intelligence