Evaluate individual framework controls against organizational documentation with evidence extraction, quality evaluation, severity classification, and actionable remediation recommendations.

From document to output

Specify the control

Provide the control ID (e.g., AC-2, 164.312(a)(1), A.9.4.1)

Provide your document

The policy or procedure document to assess against

Evidence is extracted

Direct quotes are pulled from every relevant section

Quality is evaluated

Evidence is rated: specific procedures > general policy statements

Severity is classified

Gaps rated critical/high/medium/low with remediation timelines

What you get back

Every finding is structured JSON: status, evidence, risk level, and remediation in one package. No interpretation required before acting on it.

Example response
{
  "control_id": "AU-6",
  "control_name": "Audit Record Review, Analysis, and Reporting",
  "status": "partial",
  "severity": "high",
  "confidence": 0.85,
  "gap_description": "Log storage exists but no review schedule, responsible parties, or escalation procedures defined."
}

Two ways to run this skill

Install on ClawHub

One-click install for Claude and Cowork users. The skill runs as a native tool in your Claude environment — no configuration, no MCP setup. Apache 2.0.

Get on ClawHub →
Control Assessment SKILL.md

Install as an MCP server in Claude Code, or download the SKILL.md and use it as a system prompt with any LLM. Runs the full methodology against documents you provide. Apache 2.0. No account required.

Seven more skills in the methodology.

HIPAA Gap Analysis, BAA Review, Framework Mapping, Control Assessment, Risk Assessment, Compliance Q&A, Compliance Posture Intake, and Document Finder. All open source under Apache 2.0.