tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill soc2-compliance-checker
Soc2 Compliance Checker - Auto-activating skill for Security Advanced. Triggers on: soc2 compliance checker, soc2 compliance checker Part of the Security Advanced skill category.
Validation
69%
| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
| Total | 11 / 16 Passed | |
Implementation
0%
This skill is essentially a placeholder with no substantive content. It describes what a SOC2 compliance checker might do in abstract terms but provides absolutely no actionable guidance, specific controls, audit procedures, or executable examples. A SOC2 compliance skill should cover the five trust service criteria, specific control mappings, evidence collection procedures, and gap analysis workflows.
Suggestions
Add concrete SOC2 Trust Service Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) with specific control checks and validation commands
Include executable code examples for automated compliance checks (e.g., AWS config rules, infrastructure scanning scripts, access control audits)
Define a clear workflow: 1) Scope assessment 2) Control mapping 3) Evidence collection 4) Gap analysis 5) Remediation tracking with validation checkpoints
Add references to detailed materials for each TSC category and common compliance evidence templates
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that provides no actual value. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler that Claude doesn't need. | 1 / 3 |
| Actionability | There is zero concrete guidance - no code, no commands, no specific steps, no actual SOC2 controls or compliance checks. The skill describes what it claims to do rather than instructing how to do it. | 1 / 3 |
| Workflow Clarity | No workflow is defined whatsoever. For a compliance checker, there should be clear steps for auditing controls, validation checkpoints, and remediation guidance - none of which are present. | 1 / 3 |
| Progressive Disclosure | The content is a flat, uninformative structure with no references to detailed materials, no links to SOC2 control frameworks, and no organization of compliance domains or trust service criteria. | 1 / 3 |
| Total | 4 / 12 Passed | |
Activation
22%
This description is severely underdeveloped, functioning more as a label than a useful skill description. It lacks any explanation of what the skill actually does, what actions it performs, or when Claude should select it beyond the exact phrase 'soc2 compliance checker'. The duplicate trigger term and reliance on category metadata provide no meaningful guidance for skill selection.
Suggestions
Add specific actions the skill performs, e.g., 'Reviews code and infrastructure configurations against SOC 2 Trust Service Criteria, identifies control gaps, generates compliance reports'
Include a 'Use when...' clause with natural trigger scenarios, e.g., 'Use when reviewing security controls, preparing for SOC 2 audits, assessing compliance posture, or when user mentions SOC 2, Type I/II, or Trust Service Criteria'
Expand trigger terms to include variations users naturally say: 'SOC 2', 'SOC2', 'security audit', 'compliance assessment', 'trust services criteria', 'service organization controls'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description provides no concrete actions - it only states it's a 'compliance checker' without explaining what checking entails (e.g., auditing controls, reviewing policies, generating reports). | 1 / 3 |
| Completeness | Missing both 'what does this do' (no actions described) and 'when should Claude use it' (no explicit use-case guidance beyond the trigger phrase). The description is essentially metadata without substance. | 1 / 3 |
| Trigger Term Quality | Includes 'soc2 compliance checker' as a trigger term (duplicated), but misses natural variations users might say like 'SOC 2 audit', 'compliance review', 'security controls', or 'type 2 certification'. | 2 / 3 |
| Distinctiveness Conflict Risk | The 'SOC2' term provides some specificity, but 'compliance checker' is generic and could overlap with other compliance-related skills (HIPAA, GDPR, PCI-DSS). The 'Security Advanced' category mention doesn't clarify boundaries. | 2 / 3 |
| Total | 6 / 12 Passed | |