// Interpret testssl-inspector normalized findings, recommend remediations, and tie evidence back to SCF anchor controls plus SOC 2 / NIST 800-53 r5 / PCI DSS 4.0.1 / ISO 27002:2022 equivalents derived from SCF crosswalks.
Build and deploy a production-ready Trust Center for any company. Use this skill whenever someone asks to create a trust center, compliance portal, security page, or wants to publish their SOC 2/SOC 3/ISO 27001/HIPAA/compliance posture publicly. Also triggers when someone mentions gated document access for audit reports, NDA-based document sharing, or wants to replace paid trust center tools like Secureframe, Vanta, Drata, or SafeBase. Even if they just say "I need a place to share my SOC 2 with customers" — that's a trust center. Use this skill.
NIST Cybersecurity Framework v2.0 expert. Reference-depth knowledge of the six Functions (Govern, Identify, Protect, Detect, Respond, Recover), Categories and Subcategories, Profiles (Current vs Target), Tiers, Implementation Examples, and the practitioner workflow of using CSF as a board-readable cybersecurity outcomes language. Backed by the SCF crosswalk for control-by-control mechanics.
Verbatim reference for all 320 NIST 800-171A Rev 2 assessment objectives, plus the Rev 2 → Rev 3 control crosswalk. Use for AO-level lookups (e.g., 3.1.1[c]), evidence planning, and forward-mapping to Rev 3. Pairs with cmmc-expert.
CMMC v2.0 expert for DoD contractors. Covers NIST 800-171 Rev 2 (14 families, 110 controls), SPRS scoring, POA&M rules, 32 CFR Part 170, DFARS clauses, scoping, ESP/CSP, C3PAO assessment lifecycle, and Rev 2 → Rev 3 transition.
Scaffolds a complete React/Vite website project from site-config.json. Generates components, styles, and configuration based on the site type and plan data.
Sets up GitHub Actions CI/CD workflow for automatic deployment to AWS on push to main. Uses GitHub OIDC for keyless AWS authentication.
| name | testssl-inspector-expert |
| description | Interpret testssl-inspector normalized findings, recommend remediations, and tie evidence back to SCF anchor controls plus SOC 2 / NIST 800-53 r5 / PCI DSS 4.0.1 / ISO 27002:2022 equivalents derived from SCF crosswalks. |
| license | MIT |
Use this skill when reviewing findings produced by /testssl-inspector:scan. The connector wraps testssl.sh and emits v1 Findings against tls_endpoint resources; this skill translates those into remediation advice an engineer can act on and audit evidence a reviewer can sign off.
Findings live at ~/.cache/claude-grc/findings/testssl-inspector/<run_id>.json. Each document covers one TLS endpoint:
resource.type = "tls_endpoint", resource.id = "<host>:<port>", resource.uri = "https://<host>:<port>/"evaluations[] — one entry per (control_framework, control_id, testssl finding) tuplefindings[] — narrative roll-up for CVEs and critical results (cap 50 per doc)metadata.target, metadata.host, metadata.port — the original inputMost fails fall into one of five families. The remediation pattern is the same within each family.
IDs: SSLv2, SSLv3, TLS1, TLS1_1. SCF anchors: CRY-01 (Use of Cryptographic Controls), CRY-03 (Transmission of Sensitive Data), NET-09 (Session Authenticity). SCF crosswalk fans these out at scan time — typical resolved targets include NIST SC-08, SC-08(01), SC-08(02), SC-13, SC-23, SI-07(06); SOC 2 CC6.1, CC6.7; PCI 4.2, 4.2.1, 4.2.1.2, 8.3.2; ISO 27002 5.14, 8.24, 8.26.
Remediation:
ELBSecurityPolicy-TLS-1-2-2017-01 or newer. NGINX: ssl_protocols TLSv1.2 TLSv1.3;. Apache: SSLProtocol -all +TLSv1.2 +TLSv1.3.IDs: cipher_negotiated, cipherlist_* (NULL, aNULL, EXPORT, LOW, 3DES_IDEA, OBSOLETED), RC4, std_* variants. SCF anchors: CRY-01.2 (Algorithm Selection), CRY-05 (Cryptographic Protection). Resolved targets typically include NIST SC-13, SC-28, SC-28(01); SOC 2 CC6.1, CC6.7; PCI 3.5, 3.5.1.2, 3.5.1.3, 8.3.2; ISO 27002 8.24.
Remediation:
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384.(EC)DHE should be disabled in 2026.IDs: cert_expirationStatus, cert_notAfter, cert_signatureAlgorithm, cert_keySize, cert_chain_of_trust, OCSP_*, CT, DNS_CAArecord. SCF anchor: CRY-08 (Public Key Infrastructure). Resolved targets include NIST SC-12 (Key Establishment & Management) and SC-17 (PKI Certificates); SOC 2 CC6.1.
Remediation depends on the specific failure:
CAA DNS record naming your authorized issuer(s) — defense against unauthorized certificate issuance.IDs: heartbleed, CCS, ticketbleed, ROBOT, secure_renego, secure_client_renego, CRIME_TLS, BREACH, POODLE_SSL, fallback_SCSV, SWEET32, FREAK, DROWN, LOGJAM, BEAST, LUCKY13, RC4, winshock. SCF anchors: VPM-01 (Vulnerability & Patch Management), VPM-06 (Vulnerability Scanning). Resolved targets include NIST SI-02, SI-03, RA-05; SOC 2 CC7.1 and CC3.x POFs; PCI 6.3, 6.3.1, 6.3.3, 11.3, 11.3.1; ISO 27002 8.8.
These are not configuration tuning — they're vulnerability remediation. Treat any non-OK finding here as an audit-tracked vuln with a remediation deadline. Most are addressed by:
IDs: HSTS, HSTS_preload, HSTS_time, HPKP, cookie_secure, cookie_httponly, banner_*, security_headers. SCF anchors: CRY-03 (Transmission of Sensitive Data), WEB-03 (Web App Hardening), NET-09 (Session Authenticity). Resolved targets include NIST SC-08, SC-08(01), SC-07(17), SC-23; PCI 4.2, 6.4, 6.4.1.
Remediation:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload and submit to the HSTS preload list (hstspreload.org) for the strongest posture.Secure or HttpOnly: fix the application — set both flags on every session cookie.For an audit, the auditor wants three things per finding:
~/.cache/claude-grc/findings/testssl-inspector/<run_id>.json).collected_at field).Workflow:
/testssl-inspector:scan --target=auth.example.com --target=api.example.com
# Inspect the resulting findings file. Attach it to the audit evidence packet
# alongside the remediation tickets opened for each fail.
/grc-engineer:gap-assessment SOC2,PCI-DSS --sources=testssl-inspector
# Aggregates testssl evaluations with your other connector outputs into a
# control-by-control posture view.
id and reasoning so we can refine the mapping table.scan.md. If a user asks about SP 800-52 Rev. 2 specifically, point them at the relevant framework plugin instead.