
Claude-Skills-Governance-Risk-and-Compliance

by Sushegaad · Sushegaad/Claude-Skills-Governance-Risk-and-Compliance

9 compliance frameworks as Claude skills — ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, TSA, ISO 42001. 94% eval pass vs 72% baseline.

A GRC-focused skill library: one SKILL.md per framework with gap assessments, policy templates with citations, control implementation guidance, and audit-evidence checklists. Covers both ISO 27001 2013 and 2022 versions, SOC 2 trust criteria, FedRAMP via NIST SP 800-53 Rev 5, and the ISO 42001 AI Management System.

Why use it

Key features


Installation

Choose a client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. The project config takes precedence over the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ],
      "_inferred": true
    }
  }
}

Same format as Claude Desktop. Restart Windsurf to apply.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "claude-skills-governance-risk-and-compliance-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
        "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "claude-skills-governance-risk-and-compliance-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance",
          "~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance"
        ]
      }
    }
  }
}

Add it under context_servers. Zed reloads automatically.

claude mcp add claude-skills-governance-risk-and-compliance-skill -- git clone https://github.com/Sushegaad/Claude-Skills-Governance-Risk-and-Compliance ~/.claude/skills/Claude-Skills-Governance-Risk-and-Compliance

One-line command. Verify with: claude mcp list. Remove with: claude mcp remove.

Use cases

Real-world scenarios: Claude-Skills-Governance-Risk-and-Compliance

Run a SOC 2 readiness assessment for a SaaS startup

👤 Founders and early-stage CTOs preparing for SOC 2 Type I · ⏱ ~90 min · advanced

When to use: Enterprise customers are asking for SOC 2 and you need to know how far off you are.

Flow
  1. Run the gap assessment
    Use the SOC 2 skill. Assess our readiness across CC, A, C, PI, P — here's our current security setup [paste].
    → Per-criterion gap list with severity
  2. Generate policy templates
    Give me policy templates for the top 5 gaps, with specific controls and citations.
    → Policies with CC/A/C/PI/P references
  3. Evidence checklist
    What evidence do we need to collect before the audit?
    → Ordered checklist with collection owners

Outcome: A clear path to SOC 2 Type I with sample policies.

Pitfalls
  • Treating skill output as a final audit deliverable — Always pair with a human auditor; this skill accelerates prep, it doesn't replace attestation

Draft a GDPR DPIA for a new feature

👤 Privacy leads and engineers launching EU-facing features · ⏱ ~45 min · advanced

When to use: A new feature processes personal data and you need a Data Protection Impact Assessment.

Flow
  1. Describe the feature
    Use the GDPR skill. Draft a DPIA for: our new recommendation engine that processes behavioral data from EU users.
    → DPIA structure with lawful basis, risk assessment, mitigations
  2. Risk-mitigation review
    What residual risks remain and what safeguards close them?
    → Concrete mitigations, not boilerplate

Outcome: A DPIA draft your DPO can review and finalize.

Pitfalls
  • Ignoring UK GDPR differences — Skill includes UK notes — ask explicitly

Map engineering controls to HIPAA Security Rule

👤 Healthcare-facing engineering teams · ⏱ ~60 min · advanced

When to use: You're building a PHI-handling service and need to map each HIPAA safeguard.

Flow
  1. Current controls inventory
    Use the HIPAA skill. Here's our tech stack and current controls [paste]. Map to Security Rule administrative, physical, technical safeguards.
    → Safeguard-by-safeguard mapping with gaps flagged
  2. Breach-notification-readiness plan
    What do we need for a compliant breach-notification workflow?
    → Runbook with timelines and responsible roles

Outcome: A HIPAA control matrix plus breach-readiness runbook.

Pitfalls
  • Assuming BAA = full compliance — Skill distinguishes BAA scope from the broader Security Rule

Combinations

Combine with other MCPs for a 10x effect

claude-skills-governance-risk-and-compliance-skill + terraform-skill

Generate IaC controls that implement the policy

For the access-control policy from the SOC 2 skill, write Terraform modules that enforce it in AWS.
claude-skills-governance-risk-and-compliance-skill + aws-agent-skill

Map HIPAA technical safeguards to specific AWS services

For each HIPAA Security Rule technical safeguard, show the AWS services that implement it.

Tools

What this MCP provides

Tool                         | Input                       | When to call                    | Cost
Gap assessment               | current posture + framework | Start of any compliance program | 0
Policy template generation   | gap + framework             | Closing a gap                   | 0
Control implementation guide | control ID                  | Engineering a specific control  | 0
Evidence checklist           | framework + scope           | Audit preparation               | 0

Cost and limits

What it costs

API quota: None
Tokens per call: 10-30k per framework engagement — heavy
Money: Free — skill is local
Tip: Scope to one framework at a time; cross-framework work balloons context.

Security

Permissions, secrets, blast radius

Credential storage: No credentials — the skill is prompts only
Outbound traffic: None from the skill itself

Troubleshooting

Common errors and fixes

Skill cites an outdated control version

Specify the framework version explicitly (e.g. 'ISO 27001:2022' not just 'ISO 27001').

Policy template is too generic

Provide your specific tech stack and jurisdiction so the skill can tailor.

Alternatives

Claude-Skills-Governance-Risk-and-Compliance compared

Alternative                               | When to use                                                     | Trade-off
GRC platforms (Vanta, Drata, Secureframe) | You want automated evidence collection and continuous monitoring | Paid services; this skill is for guidance, not automation
Legal counsel                             | You need binding legal advice                                    | This skill can't replace a lawyer — it informs and accelerates, not decides

More

Resources

📖 Read the official README on GitHub

🐙 Open issues