CISO Review
技能 已验证 活跃/cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.
To ensure thorough security and compliance reviews of any proposed plan touching sensitive data or production systems, helping to prevent potential risks and incidents.
功能
- Performs risk-paranoid interrogation of plans
- Asks six critical CISO questions
- Covers threat modeling, blast radius, detection, response, regulatory windows, and vendor security
- Outputs a structured CISO review report
- Aids in architecture decisions and compliance audits
使用场景
- Before deploying systems handling PII/PHI/cardholder data
- Before signing new vendors with data access
- Before compliance audits (SOC 2, ISO 27001, HIPAA, GDPR)
- Before architecture decisions crossing trust boundaries
- After near-miss incidents for review
非目标
- Performing actual penetration testing
- Automating compliance reporting directly
- Replacing a full-time CISO's decision-making
实践
- Security assessment
- Compliance review
- Risk management
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install c-level-agents@claude-code-skills质量评分
已验证类似扩展
Qms Audit Expert
100ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Context Mode Ops
100使用并行子代理军队管理 context-mode GitHub 问题、PR、发布和营销。为每个任务编排 10-20 个动态代理。在分类问题、审查 PR、发布版本、撰写 LinkedIn 帖子、宣布发布、修复错误、合并贡献、验证 ENV 变量、测试适配器或同步分支时使用。