← All creators

Throughproof

Organization

Free, portable AI-agent skills that write compliant code (audit logging, access control, encryption) mapped to SOC 2, ISO 27001, PCI-DSS & HIPAA at once. Works in Claude Code, Cursor, Copilot, Gemini & Antigravity.

3 indexed · 0 Featured · 0 stars · avg score 75
View on GitHub →

Categories

Data & Documents (2) DevOps & Infrastructure (1)

Indexed Skills (3)

DevOps & Infrastructure Listed

compliant-logging

Use when writing or modifying code that performs a SENSITIVE ACTION — authentication or authorization changes, creating/updating/deleting records that hold personal, financial, or health data, permission/role changes, data exports, or admin operations. Ensures every sensitive action emits a structured, tamper-evident AUDIT EVENT (control key `log.audit`) and that secrets and PII never leak into logs (control key `hygiene.no-secrets`). The neutral control keys map to SOC 2, ISO 27001, PCI-DSS v4, and HIPAA at once via the Throughproof crosswalk (compliance/control-keys.yaml). Applies in any stack; do not invent a new logging library — use the project's logger.

0 Updated 4 days ago
Throughproof
Data & Documents Listed

crypto-data-protection

Use when writing or modifying code that MOVES OR STORES SENSITIVE DATA — outbound HTTP/API calls, network clients, TLS/SSL configuration, database schema or writes for personal/financial/health/credential data, file or object storage, backups, or caches. Ensures sensitive data is encrypted IN TRANSIT (TLS enforced, never plaintext http, never disabled certificate verification — control key `crypto.in-transit`) and AT REST (strong encryption for sensitive fields/blobs — control key `crypto.at-rest`). The neutral control keys map to SOC 2 (`CC6.7` / `CC6.1`), ISO 27001 (`A.8.24`), PCI-DSS v4 (`Req 4.2` / `3.5`), and HIPAA (`164.312(e)(1)` / `164.312(a)(2)(iv)`) via the Throughproof crosswalk. Applies in any stack; use the platform's crypto/TLS — do not roll your own.

0 Updated 4 days ago
Throughproof
Data & Documents Listed

secure-access-control

Use when writing or modifying code that ENFORCES ACCESS — authorization checks (who may do what), privileged/admin operations, or authentication (login, password handling, sessions, MFA). Ensures access is deny-by-default and least-privilege, that every authorization decision and privileged action emits an audit event (control keys `access.authz` / `access.privileged`), and that authentication uses strong password hashing and safe session handling (control key `access.authn`). The neutral control keys map to SOC 2, ISO 27001, PCI-DSS v4, and HIPAA at once via the Throughproof crosswalk (compliance/control-keys.yaml). Applies in any stack; use the project's existing auth/logger — do not invent a new framework.

0 Updated 4 days ago
Throughproof

Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.