commit d07e92cb0d0e117aab5b0a827cfbc4a3f204d1b1 Author: Zhongwei Li Date: Sun Nov 30 08:22:39 2025 +0800 Initial commit diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json new file mode 100644 index 0000000..ac74952 --- /dev/null +++ b/.claude-plugin/plugin.json @@ -0,0 +1,15 @@ +{ + "name": "soc2-audit-helper", + "description": "Assist with SOC2 audit preparation", + "version": "1.0.0", + "author": { + "name": "Jeremy Longshore", + "email": "[email protected]" + }, + "skills": [ + "./skills" + ], + "commands": [ + "./commands" + ] +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..22d872d --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# soc2-audit-helper + +Assist with SOC2 audit preparation diff --git a/commands/soc2-audit.md b/commands/soc2-audit.md new file mode 100644 index 0000000..205880e --- /dev/null +++ b/commands/soc2-audit.md @@ -0,0 +1,8 @@ +--- +description: DESCRIPTION_PLACEHOLDER +shortcut: SHORTCUT_PLACEHOLDER +--- + +# TITLE_PLACEHOLDER + +CONTENT_PLACEHOLDER diff --git a/plugin.lock.json b/plugin.lock.json new file mode 100644 index 0000000..79a4498 --- /dev/null +++ b/plugin.lock.json @@ -0,0 +1,61 @@ +{ + "$schema": "internal://schemas/plugin.lock.v1.json", + "pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/security/soc2-audit-helper", + "normalized": { + "repo": null, + "ref": "refs/tags/v20251128.0", + "commit": "5bd96af22455dc5b417e6f288669a96886c31d52", + "treeHash": "576bc72977d6252f68af75dbadca44679633aecb901d3413557cd8d01014b438", + "generatedAt": "2025-11-28T10:18:46.492427Z", + "toolVersion": "publish_plugins.py@0.2.0" + }, + "origin": { + "remote": "git@github.com:zhongweili/42plugin-data.git", + "branch": "master", + "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390", + "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data" + }, + "manifest": { + "name": "soc2-audit-helper", + "description": "Assist with SOC2 audit preparation", + "version": "1.0.0" + }, + "content": { + "files": [ + { + "path": "README.md", + "sha256": "f291cebebae837a498b502833af884ef0b9ea1ed97a91d01e736c093ecb64852" + }, + { + "path": ".claude-plugin/plugin.json", + "sha256": "bcdc33d2d8435c4ddf66f0c9a705fdc95a6584c8ec939252773ed17154a2bd13" + }, + { + "path": "commands/soc2-audit.md", + "sha256": "26981dafecd0bda9d89082c091325c9fdc3ac197318243e952dde0b1a38f4088" + }, + { + "path": "skills/soc2-audit-helper/SKILL.md", + "sha256": "029eb5df64b9b8854ebc0fe948e5481718c6954a350336cd1718668b54d09a93" + }, + { + "path": "skills/soc2-audit-helper/references/README.md", + "sha256": "65929ac0f7ee8bcd2fedd13f68ee2d9ac9f9f497c6d5fe31579ed3604eb640d5" + }, + { + "path": "skills/soc2-audit-helper/scripts/README.md", + "sha256": "7a0e6137cdb2f8a1905dbfc7c29c6ea368dbafca73ab63699a692508fbe5d216" + }, + { + "path": "skills/soc2-audit-helper/assets/README.md", + "sha256": "43ef4ee389fd96fc48a05aa831031352bd66cd9ac124f3765264f30d004aed6d" + } + ], + "dirSha256": "576bc72977d6252f68af75dbadca44679633aecb901d3413557cd8d01014b438" + }, + "security": { + "scannedAt": null, + "scannerVersion": null, + "flags": [] + } +} \ No newline at end of file diff --git a/skills/soc2-audit-helper/SKILL.md b/skills/soc2-audit-helper/SKILL.md new file mode 100644 index 0000000..b936a6a --- /dev/null +++ b/skills/soc2-audit-helper/SKILL.md @@ -0,0 +1,52 @@ +--- +name: assisting-with-soc2-audit-preparation +description: | + This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis. +allowed-tools: Read, Write, Edit, Grep, Glob, Bash +version: 1.0.0 +--- + +## Overview + +This skill empowers Claude to assist users in preparing for a SOC2 audit. It automates the process of gathering evidence, analyzing security controls, and identifying potential compliance gaps, significantly reducing the manual effort involved in SOC2 preparation. + +## How It Works + +1. **Analyze Request**: Claude identifies the user's intent to prepare for a SOC2 audit. +2. **Gather Evidence**: The `soc2-audit-helper` plugin is invoked to collect relevant data and artifacts from the user's environment based on common SOC2 requirements. +3. **Generate Report**: The plugin generates a comprehensive report summarizing the current state of compliance, highlighting potential areas of concern. + +## When to Use This Skill + +This skill activates when you need to: +- Prepare for a SOC2 audit. +- Assess current security controls against SOC2 requirements. +- Gather evidence for SOC2 compliance. + +## Examples + +### Example 1: Generating a SOC2 Readiness Report + +User request: "Generate a SOC2 readiness report for my AWS environment." + +The skill will: +1. Invoke the `soc2-audit-helper` plugin. +2. Generate a report detailing the compliance status of the AWS environment based on SOC2 criteria. + +### Example 2: Identifying Compliance Gaps + +User request: "What are the compliance gaps in my current security posture related to SOC2?" + +The skill will: +1. Invoke the `soc2-audit-helper` plugin. +2. Analyze the current security configuration and identify areas where it falls short of SOC2 requirements. + +## Best Practices + +- **Specificity**: Provide as much detail as possible about the environment and specific SOC2 requirements. +- **Regular Updates**: Run the audit helper regularly to track progress and identify new compliance gaps. +- **Review Findings**: Carefully review the generated reports and address any identified issues promptly. + +## Integration + +This skill can be integrated with other security and compliance tools to provide a more comprehensive view of the organization's security posture. For example, it can be used in conjunction with vulnerability scanners and configuration management tools to identify and remediate security weaknesses. \ No newline at end of file diff --git a/skills/soc2-audit-helper/assets/README.md b/skills/soc2-audit-helper/assets/README.md new file mode 100644 index 0000000..50f2cbc --- /dev/null +++ b/skills/soc2-audit-helper/assets/README.md @@ -0,0 +1,7 @@ +# Assets + +Bundled resources for soc2-audit-helper skill + +- [ ] report_template.docx: A template for generating SOC2 compliance reports. +- [ ] compliance_gap_analysis_template.xlsx: A template for analyzing compliance gaps. +- [ ] remediation_steps_template.docx: A template for documenting remediation steps. diff --git a/skills/soc2-audit-helper/references/README.md b/skills/soc2-audit-helper/references/README.md new file mode 100644 index 0000000..52ce045 --- /dev/null +++ b/skills/soc2-audit-helper/references/README.md @@ -0,0 +1,8 @@ +# References + +Bundled resources for soc2-audit-helper skill + +- [ ] soc2_standards.md: A detailed explanation of SOC2 standards and requirements. +- [ ] security_controls_checklist.md: A checklist of security controls relevant to SOC2 compliance. +- [ ] audit_preparation_guide.md: A comprehensive guide to preparing for a SOC2 audit. +- [ ] example_soc2_report.md: An example SOC2 report to illustrate the expected format and content. diff --git a/skills/soc2-audit-helper/scripts/README.md b/skills/soc2-audit-helper/scripts/README.md new file mode 100644 index 0000000..b006993 --- /dev/null +++ b/skills/soc2-audit-helper/scripts/README.md @@ -0,0 +1,8 @@ +# Scripts + +Bundled resources for soc2-audit-helper skill + +- [ ] generate_soc2_report.py: Automates the generation of SOC2 compliance reports based on collected data. +- [ ] identify_compliance_gaps.py: Analyzes collected data to identify potential compliance gaps and vulnerabilities. +- [ ] suggest_remediation_steps.py: Provides suggestions for remediation steps to address identified compliance gaps. +- [ ] evidence_gathering_automation.py: Automates the process of gathering evidence for SOC2 audits.