maxwellokumu

appsec-playbook

Guide Claude through a structured application security audit covering threat modeling, testing, pipeline review, dependency risk, and vulnerability management.

code-review-helper

Analyze source code for common security weaknesses across multiple languages and help Claude explain findings, severity, and remediation clearly.

devsecops-checker

Review CI or CD pipeline configuration for DevSecOps controls and help Claude explain maturity gaps, missing safeguards, and practical improvements.

vuln-parser

Parse vulnerability scan results into a risk-ranked view so Claude can explain which hosts, findings, and remediation actions deserve attention first.

evidence-tracker

Manage audit evidence requests, collection progress, and status reporting so Claude can keep audits organized and identify overdue or blocked evidence items.

policy-writer

Draft security and compliance policy documents aligned to common frameworks so Claude can turn user requirements into professional, review-ready policy text.

consent-checker

Review privacy policy or notice text against common privacy frameworks so Claude can explain coverage gaps, strengths, and compliance priorities.

data-inventory-mapper

Map personal and sensitive data across systems so Claude can explain data flows, classifications, transfers, and privacy-relevant handling risks clearly.

data-privacy-playbook

Guide Claude through a structured data privacy audit covering discovery, notice review, rights verification, impact assessment, and reporting.

pia-generator

Generate structured privacy impact assessments so Claude can organize project privacy risks, controls, and decision points into a review-ready report.

asset-validator

Reconcile authorized inventory against discovered devices so Claude can explain rogue assets, ghost assets, and inventory coverage gaps clearly.

firmware-checker

Review device firmware versions against vulnerability data so Claude can explain which devices appear exposed and which updates deserve priority.

hardware-physical-playbook

Guide Claude through a structured hardware and physical security audit covering inventory, access control, firmware posture, environmental controls, and reporting.

physical-access-review

Analyze badge or door access logs so Claude can explain after-hours activity, repeated failures, and other physical access anomalies clearly.

iam-access-review

Analyse IAM policies for excessive permissions, wildcards, admin-equivalent actions, missing conditions, and inline policies. Use this skill for access review and least-privilege analysis.

Step-by-step IAM audit methodology covering user inventory, policy review, MFA verification, privileged account monitoring, SOD analysis, and reporting. Use this skill for procedural IAM audit guidance.

privileged-account-monitor

Review privileged account activity logs for baseline exceedances, off-hours access, sensitive actions, and new unknown users. Use this skill for admin activity review and privileged access monitoring.

sod-analyzer

Detect segregation of duties conflicts in user role assignments. Use this skill for role conflict analysis, four-eyes control review, and SOD violation detection.

artefact-gap-analyzer

Compare expected audit evidence artefacts from an audit program JSON against provided files and report gaps with coverage percentage. Use this skill for evidence coverage review and missing artefact analysis.

exec-summary-writer

Convert a structured findings JSON file into a polished executive summary with risk breakdown, key findings, and recommendations. Use this skill for leadership-facing audit reporting.

lead-it-auditor-playbook

Step-by-step lead IT auditor methodology covering engagement planning through final reporting and closeout. Use this skill as a procedural guide at the start of an audit engagement.

anomaly-detector

Compare recent activity against a historical baseline to identify behavioral anomalies and help Claude explain which users or patterns warrant deeper investigation.

log-analyzer

Review log data for suspicious events and help Claude explain what stands out, why it matters, and which findings deserve escalation or follow-up.

DevOps & Infrastructure Listed

log-monitoring-playbook

Guide Claude through a structured logging and monitoring audit covering log inventory, baseline analysis, anomaly review, incident investigation, and reporting.

network-config-reviewer

Review firewall and network rule sets for overly permissive access, risky exposure, and other configuration weaknesses so Claude can explain the highest-priority findings clearly.

network-security-playbook

Guide Claude through a structured network security audit covering asset discovery, firewall review, segmentation validation, threat correlation, scanning, and reporting.