Compliance Checker
Verified
Audit codebases and infrastructure configurations against GDPR, SOC 2, PCI-DSS, and HIPAA requirements. Produces gap analysis reports with remediation steps prioritized by risk.
Install
Claude Code
Copy the SKILL.md file to .claude/skills/compliance-checker.md
About This Skill
Compliance Checker systematically audits your codebase and infrastructure against regulatory frameworks, producing actionable gap analysis reports that help engineering teams understand what must be fixed before an audit.
Framework Coverage
Covers the most common frameworks: GDPR (data subject rights, consent, data minimization, breach notification), SOC 2 Type II (Security, Availability, Confidentiality trust service criteria), PCI-DSS v4.0 (cardholder data environment, network segmentation, encryption requirements), and HIPAA Technical Safeguards (access control, audit controls, integrity, transmission security).
What It Checks
Scans for: hardcoded PII or payment card data in source code, missing encryption for data at rest and in transit, lack of access logging and audit trails, missing data retention and deletion mechanisms, overly broad IAM permissions, missing input validation for injection prevention, and absence of security headers in HTTP responses.
Gap Analysis Report
Produces a structured report with: Executive Summary (overall compliance posture), Critical Gaps (must fix before audit), High/Medium/Low findings with evidence, and a remediation roadmap with effort estimates.
Important Caveat
AI-assisted compliance checks supplement but do not replace qualified auditor review. The output is a technical gap analysis, not a certification.
Use Cases
- Running a GDPR data flow audit on a SaaS application codebase
- Checking infrastructure-as-code against SOC 2 Trust Service Criteria
- Generating a PCI-DSS gap analysis for a payment processing service
- Producing a HIPAA Technical Safeguard checklist for a healthcare app
Pros & Cons
Pros
- Covers GDPR, SOC 2, PCI-DSS, and HIPAA in a single scan
- Prioritizes findings by risk level with evidence from the codebase
- Produces an executive summary alongside technical remediation details
- Checks both application code and infrastructure configuration files
Cons
- Does not replace a qualified human auditor for formal certification
- Static analysis cannot detect runtime data flows or third-party vendor risks