
Claude-Skills-Governance-Risk-and-Compliance

by Sushegaad · Sushegaad/Claude-Skills-Governance-Risk-and-Compliance

9 compliance frameworks as Claude skills — ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, TSA, ISO 42001. 94% eval pass vs 72% baseline.

A GRC-focused skill library: one SKILL.md per framework with gap assessments, policy templates with citations, control implementation guidance, and audit-evidence checklists. Covers both ISO 27001 2013 and 2022 versions, SOC 2 trust criteria, FedRAMP via NIST SP 800-53 Rev 5, and the ISO 42001 AI Management System.

Why use it

Key features


Install

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. The project config takes precedence over the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Same format as Claude Desktop. Restart Windsurf to apply.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "claude-skills-governance-risk-and-compliance-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
          "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
        ]
      }
    }
  }
}

Add it under context_servers. Zed hot-reloads on save.

claude mcp add claude-skills-governance-risk-and-compliance-skill -- git clone https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance ~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance

A single line. Verify with claude mcp list. Remove with claude mcp remove.

Use cases

Concrete uses: Claude-Skills-Governance-Risk-and-Compliance

Run a SOC 2 readiness assessment for a SaaS startup

👤 Founders and early-stage CTOs preparing for SOC 2 Type I · ⏱ ~90 min · advanced

When to use it: Enterprise customers are asking for SOC 2 and you need to know how far off you are.

Steps
  1. Run the gap assessment
    Use the SOC 2 skill. Assess our readiness across CC, A, C, PI, P — here's our current security setup [paste].
    → Per-criterion gap list with severity
  2. Generate policy templates
    Give me policy templates for the top 5 gaps, with specific controls and citations.
    → Policies with CC/A/C/PI/P references
  3. Evidence checklist
    What evidence do we need to collect before the audit?
    → Ordered checklist with collection owners

Result: A clear path to SOC 2 Type I with sample policies.

Pitfalls
  • Treating skill output as a final audit deliverable — Always pair with a human auditor; this skill accelerates prep, it doesn't replace attestation

Draft a GDPR DPIA for a new feature

👤 Privacy leads and engineers launching EU-facing features · ⏱ ~45 min · advanced

When to use it: A new feature processes personal data and you need a Data Protection Impact Assessment.

Steps
  1. Describe the feature
    Use the GDPR skill. Draft a DPIA for: our new recommendation engine that processes behavioral data from EU users.
    → DPIA structure with lawful basis, risk assessment, mitigations
  2. Risk-mitigation review
    What residual risks remain and what safeguards close them?
    → Concrete mitigations, not boilerplate

Result: A DPIA draft your DPO can review and finalize.

Pitfalls
  • Ignoring UK GDPR differences — The skill includes UK notes; ask for them explicitly

Map engineering controls to HIPAA Security Rule

👤 Healthcare-facing engineering teams · ⏱ ~60 min · advanced

When to use it: You're building a PHI-handling service and need to map each HIPAA safeguard.

Steps
  1. Current controls inventory
    Use the HIPAA skill. Here's our tech stack and current controls [paste]. Map to Security Rule administrative, physical, technical safeguards.
    → Safeguard-by-safeguard mapping with gaps flagged
  2. Breach-notification readiness plan
    What do we need for a compliant breach-notification workflow?
    → Runbook with timelines and responsible roles

Result: A HIPAA control matrix plus breach-readiness runbook.

Pitfalls
  • Assuming BAA = full compliance — The skill distinguishes BAA scope from the broader Security Rule

Combinations

Pair it with other MCPs for a 10x effect

claude-skills-governance-risk-and-compliance-skill + terraform-skill

Generate IaC controls that implement the policy

For the access-control policy from the SOC 2 skill, write Terraform modules that enforce it in AWS.

claude-skills-governance-risk-and-compliance-skill + aws-agent-skill

Map HIPAA technical safeguards to specific AWS services

For each HIPAA Security Rule technical safeguard, show the AWS services that implement it.

Tools

What this MCP exposes

Tool                          | Inputs                     | When to call                        | Cost
Gap assessment                | current posture + framework | Start of any compliance program     | 0
Policy template generation    | gap + framework             | Closing a gap                       | 0
Control implementation guide  | control ID                  | Engineering a specific control      | 0
Evidence checklist            | framework + scope           | Audit preparation                   | 0

Cost and limits

Execution cost

API quota: None
Tokens per call: 10-30k per framework engagement — heavy
Monetary: Free — skill is local
Tip: Scope to one framework at a time; cross-framework work balloons context.

Security

Permissions, secrets, scope

Credential storage: No credentials — skill is prompts
Data egress: None from the skill itself

Troubleshooting

Common errors and fixes

Skill cites an outdated control version

Specify the framework version explicitly (e.g. 'ISO 27001:2022' not just 'ISO 27001').

Policy template is too generic

Provide your specific tech stack and jurisdiction so the skill can tailor its output.

Alternatives

Claude-Skills-Governance-Risk-and-Compliance vs others

Alternative                                | When to use it                                                        | Trade-off
GRC platforms (Vanta, Drata, Secureframe)  | You want automated evidence collection and continuous monitoring      | Paid services; this skill is for guidance, not automation
Legal counsel                              | You need binding legal advice                                          | This skill can't replace a lawyer — it informs and accelerates, not decides

More

Resources

📖 Read the official README on GitHub

🐙 View open issues
