Stats
Actions
Tags
From grc-engineer
Generates CLI commands and API scripts to collect point-in-time audit evidence from AWS, Azure, GCP, Kubernetes, and Terraform. Outputs formatted reports for compliance controls.
How this skill is triggered — by the user, by Claude, or both
Slash command
/grc-engineer:evidence-artifact-collectorThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Generates scripts to collect audit evidence from cloud infrastructure. Automates the most labor-intensive part of compliance - evidence gathering.
Generates scripts to collect audit evidence from cloud infrastructure. Automates the most labor-intensive part of compliance - evidence gathering.
Generate AWS evidence script:
node scripts/collect-evidence.js "MFA for all root users" aws
Generate Azure evidence script:
node scripts/collect-evidence.js "All storage accounts encrypted" azure
Generate GCP evidence script:
node scripts/collect-evidence.js "IAM bindings audit" gcp
#!/usr/bin/env python3
"""
Evidence Collection Script
Control: MFA for all root users
Provider: AWS
Generated: 2025-01-15T10:30:00Z
"""
import boto3
import json
from datetime import datetime
iam = boto3.client('iam')
def collect_mfa_evidence():
"""Collect evidence for MFA requirement on root users."""
evidence = {
"control": "MFA for all root users",
"timestamp": datetime.utcnow().isoformat(),
"results": []
}
# Get account summary
summary = iam.get_account_summary()
mfa_enabled = summary['SummaryMap'].get('AccountMFAEnabled', 0)
evidence["results"].append({
"check": "Root account MFA status",
"status": "PASS" if mfa_enabled == 1 else "FAIL",
"details": f"MFA Enabled: {mfa_enabled == 1}"
})
return evidence
if __name__ == "__main__":
result = collect_mfa_evidence()
print(json.dumps(result, indent=2))
npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-engineerCollects, organizes, and validates audit evidence for ISO 27001 and SOC 2 using API-first CLI commands. Produces timestamped, auditor-ready evidence packages.
Maps AWS compliance evidence for audits across Security Hub, Config, Audit Manager, CloudTrail, and Artifact. Use for evidence packaging and audit readiness, not general security hardening.
Automates SOC 2 audit prep: assesses Trust Service Criteria controls (CC1-CC9), gathers evidence from docs/logs/IaC, identifies gaps, generates readiness reports.