| name | open-source-compliance |
| description | This skill should be used when the user wants to assess, track, or automate open-source compliance work in Probo — vendor reviews, control mapping, evidence collection, risk registers, or policy workflows using Probo MCP tools. |
Open-source compliance with Probo
Use the Probo MCP server bundled with this plugin to read and write GRC data.
Do not guess entity IDs or organization scope — discover them with MCP tools
first.
Before you start
- Confirm the Probo MCP server is connected. If not, ask the user to run
/mcp or claude mcp login probo to complete the OAuth 2.0 sign-in.
- Identify the target organization. List organizations if the user did not
provide one.
- Prefer MCP tools over manual API calls. The Probo MCP API mirrors the
platform's GraphQL surface.
Common workflows
Vendor / third-party review
- List or search third parties for the organization.
- Pull existing risk assessments and contacts.
- Record findings and update assessment status through MCP mutations.
- Summarize residual risk and recommended follow-ups for the user.
Control and obligation tracking
- List controls, measures, or obligations relevant to the user's question.
- Link evidence (documents, audits) where appropriate.
- Report gaps between required and implemented controls.
Evidence and documentation
- Locate the relevant document or audit in Probo.
- Fetch version history or published versions as needed.
- Draft updates; use MCP upload tools when the user asks to attach files.
Output expectations
- Cite Probo entity IDs (GIDs) for anything you create or update.
- Separate facts pulled from Probo from your analysis.
- Flag missing data instead of inventing compliance status.
- Keep recommendations actionable and mapped to Probo entities where possible.
References
See references/workflows.md for extended workflow notes.