@intentsolutionsio/pci-dss-validator 1.0.0

package/.claude-plugin/plugin.json

@@ -0,0 +1,17 @@
+{
+  "name": "pci-dss-validator",
+  "version": "1.0.0",
+  "description": "Validate PCI DSS compliance",
+  "author": {
+    "name": "Jeremy Longshore",
+    "email": "[email protected]"
+  },
+  "repository": "https://github.com/jeremylongshore/claude-code-plugins",
+  "license": "MIT",
+  "keywords": [
+    "security",
+    "compliance",
+    "auditing",
+    "agent-skills"
+  ]
+}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Jeremy Longshore
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/commands/validate-pci.md

@@ -0,0 +1,8 @@
+---
+name: validate-pci
+description: DESCRIPTION_PLACEHOLDER
+shortcut: pci
+---
+# TITLE_PLACEHOLDER
+
+CONTENT_PLACEHOLDER

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@intentsolutionsio/pci-dss-validator",
+  "version": "1.0.0",
+  "description": "Validate PCI DSS compliance",
+  "keywords": [
+    "security",
+    "compliance",
+    "auditing",
+    "agent-skills",
+    "claude-code",
+    "claude-plugin",
+    "tonsofskills"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/jeremylongshore/claude-code-plugins-plus-skills.git",
+    "directory": "plugins/security/pci-dss-validator"
+  },
+  "homepage": "https://tonsofskills.com/plugins/pci-dss-validator",
+  "bugs": "https://github.com/jeremylongshore/claude-code-plugins-plus-skills/issues",
+  "license": "MIT",
+  "author": {
+    "name": "Jeremy Longshore",
+    "email": "[email protected]"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "README.md",
+    ".claude-plugin",
+    "skills",
+    "commands"
+  ],
+  "scripts": {
+    "postinstall": "node -e \"console.log(\\\"\\\\n→ This npm package is a tracking/proof artifact. Install the plugin via:\\\\n  ccpi install pci-dss-validator\\\\n  or /plugin install pci-dss-validator@claude-code-plugins-plus in Claude Code\\\\n\\\")\""
+  }
+}

package/skills/validating-pci-dss-compliance/SKILL.md

@@ -0,0 +1,100 @@
+---
+name: validating-pci-dss-compliance
+description: Validate PCI-DSS compliance for payment card data security. Use when auditing payment systems. Trigger with 'validate PCI-DSS', 'check payment security', or 'audit card data'.
+version: 1.0.0
+allowed-tools: "Read, Write, Edit, Grep, Glob, Bash(security:*), Bash(scan:*), Bash(audit:*)"
+license: MIT
+author: Jeremy Longshore <jeremy@intentsolutions.io>
+compatible-with: claude-code, codex, openclaw
+tags: [security, compliance, audit]
+---
+# Pci Dss Validator
+
+Validate payment systems against PCI DSS requirements, checking cardholder data storage, network segmentation, encryption standards, access controls, and vulnerability management processes.
+
+## Overview
+
+This skill streamlines PCI DSS compliance checks by automatically analyzing code and configurations. It flags potential issues, allowing for proactive remediation and improved security posture. It is particularly useful for developers, security engineers, and compliance officers.
+
+## How It Works
+
+1. **Analyze the Target**: The skill identifies the codebase, configuration files, or infrastructure resources to be evaluated.
+2. **Run PCI DSS Validation**: The pci-dss-validator plugin scans the target for potential PCI DSS violations.
+3. **Generate Report**: The skill compiles a report detailing any identified vulnerabilities or non-compliant configurations, along with remediation recommendations.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Evaluate a new application or system for PCI DSS compliance before deployment.
+- Periodically assess existing systems to maintain PCI DSS compliance.
+- Investigate potential security vulnerabilities related to PCI DSS.
+
+## Examples
+
+### Example 1: Validating a Web Application
+
+User request: "Validate PCI compliance for my e-commerce web application."
+
+The skill will:
+1. Identify the source code repository for the web application.
+2. Run the pci-dss-validator plugin against the codebase.
+3. Generate a report highlighting any PCI DSS violations found in the code.
+
+### Example 2: Checking Infrastructure Configuration
+
+User request: "Check PCI DSS compliance of my AWS infrastructure."
+
+The skill will:
+1. Access the AWS configuration files (e.g., Terraform, CloudFormation).
+2. Execute the pci-dss-validator plugin against the infrastructure configuration.
+3. Produce a report outlining any non-compliant configurations in the AWS environment.
+
+## Best Practices
+
+- **Scope Definition**: Clearly define the scope of the PCI DSS assessment to ensure accurate and relevant results.
+- **Regular Assessments**: Conduct regular PCI DSS assessments to maintain continuous compliance.
+- **Remediation Tracking**: Track and document all remediation efforts to demonstrate ongoing commitment to security.
+
+## Integration
+
+This skill can be integrated with other security tools and plugins to provide a comprehensive security assessment. For example, it can be used in conjunction with static analysis tools to identify vulnerabilities in code before it is deployed. It can also be integrated with infrastructure-as-code tools to ensure that infrastructure is compliant with PCI DSS from the start.
+
+## Prerequisites
+
+- Access to codebase and configuration files in ${CLAUDE_SKILL_DIR}/
+- Security scanning tools installed as needed
+- Understanding of security standards and best practices
+- Permissions for security analysis operations
+
+## Instructions
+
+1. Identify security scan scope and targets
+2. Configure scanning parameters and thresholds
+3. Execute security analysis systematically
+4. Analyze findings for vulnerabilities and compliance gaps
+5. Prioritize issues by severity and impact
+6. Generate detailed security report with remediation steps
+
+## Output
+
+- Security scan results with vulnerability details
+- Compliance status reports by standard
+- Prioritized list of security issues by severity
+- Remediation recommendations with code examples
+- Executive summary for stakeholders
+
+## Error Handling
+
+If security scanning fails:
+- Verify tool installation and configuration
+- Check file and directory permissions
+- Validate scan target paths
+- Review tool-specific error messages
+- Ensure network access for dependency checks
+
+## Resources
+
+- Security standard documentation (OWASP, CWE, CVE)
+- Compliance framework guidelines (GDPR, HIPAA, PCI-DSS)
+- Security scanning tool documentation
+- Vulnerability remediation best practices

package/skills/validating-pci-dss-compliance/assets/README.md

@@ -0,0 +1,5 @@
+# Assets
+
+Bundled resources for pci-dss-validator skill
+
+- [ ] report_template.html: An HTML template for generating PCI DSS compliance reports. This allows for consistent and professional-looking reports.

package/skills/validating-pci-dss-compliance/references/README.md

@@ -0,0 +1,4 @@
+# References
+
+Bundled resources for pci-dss-validator skill
+

package/skills/validating-pci-dss-compliance/scripts/README.md

@@ -0,0 +1,11 @@
+# Scripts
+
+Bundled resources for pci-dss-validator skill
+
+- [x] pci_dss_scan.py: Script to automate PCI DSS compliance scans using the plugin's functionalities.  It should take a codebase or configuration file as input and output a detailed report of compliance issues.
+- [x] generate_report.py: Script to generate a formatted report (e.g., HTML, PDF) from the scan results. This allows for easy sharing and documentation of compliance status.
+- [x] remediation_suggestions.py: Script that provides automated remediation suggestions for identified PCI DSS violations.  This could involve code snippets or configuration changes.
+
+
+## Auto-Generated
+Scripts generated on 2025-12-10 03:48:17

package/skills/validating-pci-dss-compliance/scripts/generate_report.py

@@ -0,0 +1,129 @@
+#!/usr/bin/env python3
+"""
+pci-dss-validator - Generator Script
+Script to generate a formatted report (e.g., HTML, PDF) from the scan results. This allows for easy sharing and documentation of compliance status.
+Generated: 2025-12-10 03:48:17
+"""
+
+import os
+import json
+import argparse
+from pathlib import Path
+from datetime import datetime
+
+class Generator:
+    def __init__(self, config: Dict):
+        self.config = config
+        self.output_dir = Path(config.get('output', './output'))
+        self.output_dir.mkdir(parents=True, exist_ok=True)
+
+    def generate_markdown(self, title: str, content: str) -> Path:
+        """Generate markdown document."""
+        filename = f"{title.lower().replace(' ', '_')}_{datetime.now().strftime('%Y%m%d_%H%M%S')}.md"
+        file_path = self.output_dir / filename
+
+        md_content = f"""# {title}
+
+Generated by pci-dss-validator
+Date: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
+
+## Overview
+{content}
+
+## Configuration
+```json
+{json.dumps(self.config, indent=2)}
+```
+
+## Category
+security
+
+## Plugin
+pci-dss-validator
+"""
+
+        file_path.write_text(md_content)
+        return file_path
+
+    def generate_json(self, data: Dict) -> Path:
+        """Generate JSON output."""
+        filename = f"output_{datetime.now().strftime('%Y%m%d_%H%M%S')}.json"
+        file_path = self.output_dir / filename
+
+        output_data = {
+            "generated_by": "pci-dss-validator",
+            "timestamp": datetime.now().isoformat(),
+            "category": "security",
+            "plugin": "pci-dss-validator",
+            "data": data,
+            "config": self.config
+        }
+
+        with open(file_path, 'w') as f:
+            json.dump(output_data, f, indent=2)
+
+        return file_path
+
+    def generate_script(self, name: str, template: str) -> Path:
+        """Generate executable script."""
+        filename = f"{name}.sh"
+        file_path = self.output_dir / filename
+
+        script_content = f"""#!/bin/bash
+# Generated by pci-dss-validator
+# Date: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
+
+set -e  # Exit on error
+
+echo "🚀 Running {name}..."
+
+# Template content
+{template}
+
+echo "✅ Completed successfully"
+"""
+
+        file_path.write_text(script_content)
+        file_path.chmod(0o755)  # Make executable
+        return file_path
+
+def main():
+    parser = argparse.ArgumentParser(description="Script to generate a formatted report (e.g., HTML, PDF) from the scan results. This allows for easy sharing and documentation of compliance status.")
+    parser.add_argument('--type', choices=['markdown', 'json', 'script'], default='markdown')
+    parser.add_argument('--output', '-o', default='./output', help='Output directory')
+    parser.add_argument('--config', '-c', help='Configuration file')
+    parser.add_argument('--title', default='pci-dss-validator Output')
+    parser.add_argument('--content', help='Content to include')
+
+    args = parser.parse_args()
+
+    config = {'output': args.output}
+    if args.config and Path(args.config).exists():
+        with open(args.config) as f:
+            config.update(json.load(f))
+
+    generator = Generator(config)
+
+    print(f"🔧 Generating {args.type} output...")
+
+    if args.type == 'markdown':
+        output_file = generator.generate_markdown(
+            args.title,
+            args.content or "Generated content"
+        )
+    elif args.type == 'json':
+        output_file = generator.generate_json(
+            {"title": args.title, "content": args.content}
+        )
+    else:  # script
+        output_file = generator.generate_script(
+            args.title.lower().replace(' ', '_'),
+            args.content or "# Add your script content here"
+        )
+
+    print(f"✅ Generated: {output_file}")
+    return 0
+
+if __name__ == "__main__":
+    import sys
+    sys.exit(main())