
Claude-Skills-Governance-Risk-and-Compliance

by Sushegaad · Sushegaad/Claude-Skills-Governance-Risk-and-Compliance

9 compliance frameworks as Claude skills: ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, TSA, ISO 42001. The project reports a 94% eval pass rate against a 72% baseline.

A GRC-focused skill library: one SKILL.md per framework, each with gap assessments, policy templates with citations, control implementation guidance, and audit-evidence checklists. Covers both ISO/IEC 27001:2013 and 27001:2022, the SOC 2 Trust Services Criteria, FedRAMP through the NIST SP 800-53 Rev. 5 control baselines, and the ISO/IEC 42001 AI management system standard.


Install

Choose your client. A note on the configurations below: the directory generated them automatically (that is what the `_inferred` flag marks; it is a catalog annotation, not a key any client understands), and every one of them registers `git clone` as an MCP server command. `git clone` copies the repository and exits; it does not speak the MCP protocol, so the client will report the entry as a server that failed to start. What the repository actually is, is a skill library (one SKILL.md per framework): it is installed by cloning it once into the skills directory the configs point at, not by registering a server. If you do paste one of these configurations, use an absolute path instead of `~`, because clients spawn the command without a shell and `~` is not expanded.

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. The project configuration overrides the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Same structure as Claude Desktop. Restart Windsurf to apply.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "claude-skills-governance-risk-and-compliance-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ]
    }
  ]
}

Continue uses an array of server objects instead of a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
          "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
        ]
      }
    }
  }
}

Add it under context_servers. Zed reloads on save.

claude mcp add claude-skills-governance-risk-and-compliance-skill -- git clone https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance ~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance

One-liner. Verify with `claude mcp list`; remove with `claude mcp remove`. Be aware that this registers `git clone` as the server command: it exits as soon as the clone finishes and never speaks MCP, so `claude mcp list` will not show a connected server. For this skill library, run the `git clone ... ~/.claude/skills/...` part directly in a shell instead.
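The clone-into-the-skills-directory route, as an added example (this is not code from the Sushegaad repository or from the directory): a POSIX shell script that installs the skill library at a pinned commit and inspects what it pulled before the agent loads it. Assumptions not stated on the page: the repository layout (one subdirectory per framework containing a SKILL.md), the `name:` and `description:` front-matter lines the check looks for, the `PINNED_COMMIT` placeholder, and the `SKILLS_DIR` variable. The install step runs only when the script is invoked with `install`; the two checks run on any directory.

```shell
#!/usr/bin/env sh
# Added example, not part of the Sushegaad repository: install the skill
# library from a pinned commit and inspect it before the agent loads it.
set -eu

SKILLS_DIR="${SKILLS_DIR:-$HOME/.claude/skills}"   # assumed default location
REPO_URL="https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance"
# Hypothetical placeholder: set this to the commit SHA you actually reviewed.
PINNED_COMMIT="${PINNED_COMMIT:-REPLACE_WITH_REVIEWED_COMMIT_SHA}"

# Clone to an absolute path (no shell expands ~ for you in client configs)
# and check out one exact commit, so a later push to the default branch
# cannot silently change the instructions the agent will follow.
install_skill_repo() {
  url="$1"; commit="$2"; dest="$3"
  mkdir -p "$(dirname "$dest")"
  git clone --quiet "$url" "$dest"
  git -C "$dest" -c advice.detachedHead=false checkout --quiet "$commit"
  git -C "$dest" rev-parse HEAD          # record exactly what was installed
}

# Succeed only if every framework directory carries a SKILL.md whose front
# matter has name: and description: lines (assumed layout); report each
# problem and fail otherwise.
verify_skill_dir() {
  root="$1"; rc=0; count=0
  for d in "$root"/*/; do
    [ -d "$d" ] || continue
    f="${d%/}/SKILL.md"
    if [ ! -f "$f" ]; then
      echo "missing SKILL.md: ${d%/}"; rc=1; continue
    fi
    if ! grep -q '^name:' "$f" || ! grep -q '^description:' "$f"; then
      echo "front matter lacks name/description: $f"; rc=1; continue
    fi
    count=$((count + 1))
  done
  [ "$count" -gt 0 ] || { echo "no skills found under $root"; rc=1; }
  return "$rc"
}

# Print any skill text that tells the agent to download or execute things,
# or to drop its existing instructions. GRC guidance needs none of that,
# so every hit deserves a human look before the skills are used.
scan_skill_text() {
  root="$1"
  grep -rniE --include='SKILL.md' \
    'curl |wget |base64 -d|\| *sh$|ignore (all )?previous instructions' \
    "$root" || true
}

if [ "${1:-}" = "install" ]; then
  dest="$SKILLS_DIR/Claude-Skills-Governance-Risk-and-Compliance"
  install_skill_repo "$REPO_URL" "$PINNED_COMMIT" "$dest"
  verify_skill_dir "$dest"
  scan_skill_text "$dest"
fi
```

Run it as `PINNED_COMMIT=<sha> sh install-grc-skills.sh install` after reading the commit you pin. The pin matters more than the scan: the scan only catches the crude cases, while the pin guarantees that what you reviewed is what the agent will follow until you choose to update.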

Use cases

Practical use: Claude-Skills-Governance-Risk-and-Compliance

Run a SOC 2 readiness assessment for a SaaS startup

Audience: founders and early-stage CTOs preparing for SOC 2 Type I · Time: ~90 min · Level: advanced

When to use: enterprise customers are asking for SOC 2 and you need to know how far off you are.

Steps
  1. Run the gap assessment
    Use the SOC 2 skill. Assess our readiness across CC, A, C, PI, P — here's our current security setup [paste].
    → Per-criterion gap list with severity (CC = Common Criteria, A = Availability, C = Confidentiality, PI = Processing Integrity, P = Privacy)
  2. Generate policy templates
    Give me policy templates for the top 5 gaps, with specific controls and citations.
    → Policies with CC/A/C/PI/P references
  3. Evidence checklist
    What evidence do we need to collect before the audit?
    → Ordered checklist with collection owners

Outcome: a clear path to SOC 2 Type I with sample policies.

Pitfalls
  • Treating skill output as a final audit deliverable. Always pair it with a human auditor: the skill accelerates preparation, it does not replace the attestation.

Draft a GDPR DPIA for a new feature

Audience: privacy leads and engineers launching EU-facing features · Time: ~45 min · Level: advanced

When to use: a new feature processes personal data and you need a Data Protection Impact Assessment.

Steps
  1. Describe the feature
    Use the GDPR skill. Draft a DPIA for: our new recommendation engine that processes behavioral data from EU users.
    → DPIA structure with lawful basis, risk assessment, mitigations
  2. Risk-mitigation review
    What residual risks remain and what safeguards close them?
    → Concrete mitigations, not boilerplate

Outcome: a DPIA draft your DPO can review and finalize.

Pitfalls
  • Ignoring UK GDPR differences. The skill includes UK notes; ask for them explicitly.

Map engineering controls to HIPAA Security Rule

Audience: healthcare-facing engineering teams · Time: ~60 min · Level: advanced

When to use: you're building a PHI-handling service and need to map each HIPAA safeguard.

Steps
  1. Current controls inventory
    Use the HIPAA skill. Here's our tech stack and current controls [paste]. Map to Security Rule administrative, physical, technical safeguards.
    → Safeguard-by-safeguard mapping with gaps flagged
  2. Breach-notification readiness plan
    What do we need for a compliant breach-notification workflow?
    → Runbook with timelines and responsible roles

Outcome: a HIPAA control matrix plus a breach-readiness runbook.

Pitfalls
  • Assuming a signed BAA equals full compliance. The skill distinguishes BAA scope from the broader Security Rule.

Combinations

Combining with other MCPs

claude-skills-governance-risk-and-compliance-skill + terraform-skill

Generate IaC controls that implement the policy

For the access-control policy from SOC 2 skill, write Terraform modules that enforce it in AWS.
claude-skills-governance-risk-and-compliance-skill + aws-agent-skill

Map HIPAA technical safeguards to specific AWS services

For each HIPAA Security Rule technical safeguard, show the AWS services that implement it.

Tools

What this skill provides (these are SKILL.md capabilities invoked through prompts, not MCP tool endpoints)

Tool | Inputs | When to invoke | Cost
Gap assessment | current posture + framework | start of any compliance program | 0
Policy template generation | gap + framework | closing a gap | 0
Control implementation guide | control ID | engineering a specific control | 0
Evidence checklist | framework + scope | audit preparation | 0

Costs & limits

What it costs to run

API quota
None
Tokens per call
10-30k per framework engagement (heavy)
Cost in €
Free for the skill itself (local prompt files); the tokens are billed by your model provider as usual
Tip
Scope to one framework at a time; cross-framework work balloons the context.

Security

Permissions, secrets, reach

Credential storage: none; the skill is prompt files
Data egress: none from the skill itself. What does leave your environment is the material the use cases have you paste in (current security setup, tech stack, control inventories): it goes to the model provider like any other conversation, so redact it as you would any third-party submission. The repository is third-party instruction text that the agent will follow; read it, and pin the commit you read, before cloning it into the skills directory.

Troubleshooting

Common errors and fixes

Skill cites an outdated control version

Specify the framework version explicitly (e.g. 'ISO 27001:2022' not just 'ISO 27001').

Policy template is too generic

Provide your specific tech stack and jurisdiction so the skill can tailor.

Alternatives

Claude-Skills-Governance-Risk-and-Compliance vs. others

Alternative | When to use it instead | Trade-off
GRC platforms (Vanta, Drata, Secureframe) | You want automated evidence collection and continuous monitoring | Paid services; this skill gives guidance, not automation
Legal counsel | You need binding legal advice | The skill cannot replace a lawyer; it informs and accelerates, it does not decide

More

Resources

📖 Read the official README on GitHub

🐙 View open issues