validating-pci-dss-compliance

This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls.

1.08x

Quality

48%

Does it follow best practices?

Impact

89%

1.08x

Average score across 12 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/pci-dss-validator/skills/pci-dss-validator/SKILL.md

Evaluation results

95%

14%

Payment Application Pre-Audit Compliance Assessment

Compliance report structure and workflow

Criteria

Without context

With context

Scope defined

33%

100%

Analyze step present

37%

50%

Validation step present

100%

Report compiled

100%

Workflow order correct

40%

90%

Findings listed

100%

Remediation per finding

100%

Tracker items match findings

100%

Tracker has progress fields

100%

82%

-5%

AWS Payment Gateway Infrastructure Compliance Review

Infrastructure assessment and IaC integration

Criteria

Without context

With context

Scope defined

100%

Analyze step present

50%

Validation step present

100%

Report compiled with summary

100%

Plugin/tool referenced

35%

Findings listed

100%

Remediation per finding

100%

IaC integration guidance

100%

Remediation plan has status/owner fields

100%

Automated PCI DSS Compliance Program for a FinTech CI/CD Pipeline

Continuous compliance program and integration

Criteria

Without context

With context

Periodic schedule defined

100%

Static analysis integration

100%

IaC tool integration

100%

Both code and infra stages

100%

Remediation tracking template

100%

Tracker has run/date fields

100%

Tracker has status/owner fields

100%

Three-step workflow described

100%

Report output in workflow

100%

Scope addressed

100%

90%

Payment API Pre-Launch Security Review

Pre-deployment compliance validation

Criteria

Without context

With context

Scope defined first

100%

Analyze step present

100%

Validation step present

100%

Report compiled with summary

100%

Plugin/tool referenced

28%

Pre-deployment framing

100%

Specific violations listed

100%

Remediation per finding

100%

Remediation plan produced

100%

Remediation plan has status/owner fields

100%

81%

Cardholder Data Exposure Investigation

Security vulnerability investigation

Criteria

Without context

With context

Investigation framing

100%

Scope defined

100%

Analyze step present

62%

37%

Plugin/tool referenced

Specific vulnerabilities identified

100%

Risk context per finding

100%

Remediation steps per finding

100%

Report compiled with summary

100%

Separate tracker produced

100%

Tracker has date/discovery fields

50%

100%

Tracker has status/owner fields

100%

80%

PCI DSS Compliance Check for Payment Processing Library

Static analysis tool integration

Criteria

Without context

With context

Scope defined

100%

Analyze step present

50%

66%

Validation step present

100%

Compliance scanner referenced

14%

57%

Static analysis tool referenced

100%

Both tools in runbook

33%

Specific violations listed

100%

Remediation per finding

100%

Report compiled with summary

100%

Runbook produced

100%

98%

12%

PCI DSS Compliance Assessment: Containerized Card Verification Service

Container configuration compliance

Criteria

Without context

With context

Scope defined

100%

Analyze step present

100%

75%

Validation step present

100%

Workflow order correct

100%

Plugin/tool referenced

100%

Container violations listed

100%

Application violations listed

100%

Remediation per finding

100%

Report compiled with summary

100%

Remediation tracker produced

100%

92%

PCI DSS Compliance Assessment: Payment Platform Microservices

Multi-service scope assessment

Criteria

Without context

With context

Scope covers all services

100%

Analyze step present

37%

25%

Validation step present

100%

Workflow order correct

100%

75%

Plugin/tool referenced

100%

Auth service violations

100%

Transaction service violations

100%

Reporting service violations

100%

Remediation per finding

100%

Report compiled with summary

100%

Remediation tracker produced

100%

96%

12%

Quarterly PCI DSS Compliance Review: Legacy Payment Processing Module

Periodic compliance review and tracking

Criteria

Without context

With context

Scope defined

100%

Periodic framing

100%

Analyze step present

50%

Validation step present

100%

Workflow order correct

100%

Plugin/tool referenced

100%

Specific violations listed

100%

Remediation per finding

100%

Report compiled with summary

100%

Remediation tracker produced

100%

Tracker supports multi-cycle tracking

100%

98%

19%

Cloud Infrastructure Compliance Review for Payment Platform

CloudFormation infrastructure compliance assessment

Criteria

Without context

With context

Scope defined first

75%

100%

Analyze step present

28%

71%

Validation step present

100%

Workflow order correct

100%

Plugin/tool referenced

100%

Unencrypted storage violations

100%

Network security violations

100%

Credential exposure violations

100%

Logging/monitoring gaps identified

100%

Unencrypted transmission identified

100%

Remediation per finding

100%

Report compiled with summary

100%

Remediation plan with status/owner fields

100%

83%

Database Layer Compliance Review for Payment Processing System

Database data handling and retention compliance

Criteria

Without context

With context

Scope defined first

100%

Analyze step present

28%

42%

Validation step present

100%

Workflow order correct

85%

100%

Plugin/tool referenced

CVV storage violation identified

100%

Track data or full PAN storage identified

100%

Logging violation identified

100%

Credential exposure identified

100%

Unmasked data export identified

100%

Remediation per finding

100%

Report compiled with summary

100%

Remediation tracker with status/owner

100%

84%

-2%

Payment Gateway API Security Review

REST API endpoint compliance assessment

Criteria

Without context

With context

Scope defined first

100%

Analyze step present

100%

66%

Validation step present

100%

Workflow order correct

100%

Plugin/tool referenced

Logging violation identified

100%

Data storage violations identified

100%

Weak hashing violation identified

100%

Unauthenticated endpoint identified

100%

Remediation per finding

100%

Report compiled with summary

100%

Remediation plan produced

100%

Remediation plan has status/owner fields

100%

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 13d35b8

Evaluated: 2 months ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Payment Application Pre-Audit Compliance Assessment AWS Payment Gateway Infrastructure Compliance Review Automated PCI DSS Compliance Program for a FinTech CI/CD Pipeline Payment API Pre-Launch Security Review Cardholder Data Exposure Investigation PCI DSS Compliance Check for Payment Processing Library PCI DSS Compliance Assessment: Containerized Card Verification Service PCI DSS Compliance Assessment: Payment Platform Microservices Quarterly PCI DSS Compliance Review: Legacy Payment Processing Module Cloud Infrastructure Compliance Review for Payment Platform Database Layer Compliance Review for Payment Processing System Payment Gateway API Security Review

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.