Can I use my own custom compliance policies?

Yes, you can use the --policy argument to specify a path to a custom policy document, allowing the skill to map threats to your organization's specific requirements.

Which frameworks are supported by the tm-compliance skill?

It natively supports OWASP Top 10 2021, SOC2 Trust Services Criteria, PCI-DSS v4.0, HIPAA, and GDPR, along with support for custom policy files.

Does this skill require an existing threat model?

Yes, it functions by analyzing existing threat model data (threats, controls, and gaps) typically stored in the .threatmodel/state directory.

What file formats are generated for the reports?

The skill generates two primary files: compliance.json for programmatic use and a visually rich compliance-report.md containing ASCII progress bars and status indicators.

Compliance Mapping Toolkit

Name: Compliance Mapping Toolkit
Author: josemlopez

byjosemlopez

0•

安全与测试

Maps security threats and controls to major compliance frameworks like OWASP, SOC2, and PCI-DSS to generate audit-ready documentation.

The Compliance Mapping Toolkit is a specialized skill for Claude Code that automates the alignment of your threat models with industry-standard regulatory frameworks. By bridging the gap between STRIDE categories and requirements from OWASP Top 10, SOC2, HIPAA, and more, it calculates coverage percentages and identifies critical security gaps. This skill is essential for security teams and developers who need to produce professional, visual audit reports and track compliance posture directly within their development environment.

主要功能

01Automated mapping of STRIDE threats to regulatory requirements

02Visual report generation with ASCII progress bars and status indicators

030 GitHub stars

04Identification of specific security gaps and non-compliance areas

05Dual-format exports including machine-readable JSON and human-friendly Markdown

06Support for OWASP Top 10, SOC2, PCI-DSS, HIPAA, and GDPR

使用场景

01Identifying missing security controls required by specific regulatory frameworks

02Translating technical threat models into executive-level compliance summaries

03Preparing for security audits by generating comprehensive coverage reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/threat-modeling-toolkit tm-compliance

For use in Claude.ai and ChatGPT

主要功能

01Automated mapping of STRIDE threats to regulatory requirements

02Visual report generation with ASCII progress bars and status indicators

030 GitHub stars

04Identification of specific security gaps and non-compliance areas

05Dual-format exports including machine-readable JSON and human-friendly Markdown

06Support for OWASP Top 10, SOC2, PCI-DSS, HIPAA, and GDPR

使用场景

01Identifying missing security controls required by specific regulatory frameworks

02Translating technical threat models into executive-level compliance summaries

03Preparing for security audits by generating comprehensive coverage reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/threat-modeling-toolkit tm-compliance

For use in Claude.ai and ChatGPT