Does it help with Infrastructure as Code (IaC)?

Absolutely. The skill can validate compliance controls within YAML and other IaC files, checking for settings like encryption levels, password policies, and MFA requirements.

Can it detect sensitive data like secrets or PHI?

Yes, it includes specialized scanners designed to identify hardcoded credentials and Protected Health Information (PHI) within application code and log files.

Is this skill suitable for continuous integration (CI/CD)?

Yes, it is designed for both manual audits and automated integration into CI/CD pipelines to ensure continuous compliance and evidence collection.

Which regulatory frameworks does the Compliance Auditor support?

It currently supports SOC2 Type II, HIPAA, GDPR, and PCI-DSS through specialized scanning logic and control validation.

How does it rank security findings?

Findings are automatically categorized by severity—such as CRITICAL or HIGH—and mapped to specific regulatory requirements like HIPAA §164.308 or SOC2 CC6.1.

Compliance Auditor

Name: Compliance Auditor
Author: Dexploarer

byDexploarer

•

Security & Testing

Automates regulatory compliance auditing and security control monitoring for SOC2, HIPAA, GDPR, and PCI-DSS standards.

The Compliance Auditor skill empowers developers to integrate continuous regulatory monitoring directly into their development workflow, facilitating automated checks for complex security frameworks like SOC2, HIPAA, GDPR, and PCI-DSS. By scanning codebases for sensitive data exposure, verifying encryption protocols, and validating infrastructure-as-code controls, it helps engineering teams maintain a high security posture, prepare for formal external audits, and identify critical regulatory vulnerabilities before they reach production environments.

Key Features

01Comprehensive audit report generation with severity-ranked findings

02Real-time detection of hardcoded secrets and PHI exposure in logs

03Automated framework scanning for SOC2, HIPAA, GDPR, and PCI-DSS

042 GitHub stars

05Infrastructure-as-code (IaC) compliance validation for security controls

06Continuous monitoring of encryption-at-rest and access control policies

Use Cases

01Identifying and remediating PHI exposure in healthcare application logs

02Running pre-audit readiness checks for SOC2 Type II certification

03Validating PCI-DSS cardholder data protection standards in financial services codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dexploarer/hyper-forge compliance-auditor

For use in Claude.ai and ChatGPT

Download Skill