RAG-style compliance question answering with regulatory interpretation guardrails. Answers questions strictly from provided context with source attribution, confidence scoring, and escalation triggers for critical issues.

From document to output

Provide document context

Paste your BAA, policy, procedures manual, or any compliance document

Ask your question

Ask anything about the document in plain English

Get a cited answer

Every claim is backed by a direct quote with document and section reference

See confidence and gaps

Know when the documents don't fully answer your question

What you get back

Every finding is structured JSON: status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.

Example response
{
  "summary": "The BAA with Vendor X requires breach reporting within 48 hours of discovery, not 24 hours.",
  "citation": "[Vendor X BAA, Section 4.1]",
  "confidence": "High",
  "gaps": "None"
}

Two ways to run this skill

Install on ClawHub

One-click install for Claude and Cowork users. The skill runs as a native tool in your Claude environment — no configuration, no MCP setup. Apache 2.0.

Get on ClawHub →
Compliance Q&A SKILL.md

Install as an MCP server in Claude Code, or download the SKILL.md and use it as a system prompt with any LLM. Runs the full methodology against documents you provide. Apache 2.0. No account required.

Seven more skills in the methodology.

HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Risk Assessment, Compliance Q&A, Compliance Posture Intake, and Document Finder. All open source under Apache 2.0.