From probo
Work with Probo SOC-2 compliance platform via MCP tools. Manage risks, documents (policies), controls, vendors, and evidence.
Slash command: /probo:probo
Configure in your project:
- Set PROBO_API_TOKEN in .env
- Add probo to .mcp.json (see https://www.getprobo.com/docs/api/mcp/overview)

| Tool | Description |
|---|---|
| mcp__probo__listOrganizations | List all orgs you have access to |

| Tool | Description | Key Parameters |
|---|---|---|
| mcp__probo__listDocuments | List all documents/policies | organizationId |
| mcp__probo__getDocument | Get document details | organizationId, documentId |
| mcp__probo__addDocument | Create new document | organizationId, name, content |
| mcp__probo__deleteDocument | Delete document | organizationId, documentId |
| mcp__probo__listDocumentVersions | List document versions | organizationId, documentId |
| mcp__probo__getDocumentVersion | Get specific version | organizationId, documentId, versionId |
| mcp__probo__createDraftDocumentVersion | Create draft version | organizationId, documentId, content |

| Tool | Description | Key Parameters |
|---|---|---|
| mcp__probo__listPeople | List people in org | organizationId |

| Tool | Description | Key Parameters |
|---|---|---|
| mcp__probo__listFrameworks | List frameworks (SOC 2, etc.) | organizationId |
| mcp__probo__listControls | List framework controls | organizationId, frameworkId |
| mcp__probo__getControl | Get control details | organizationId, controlId |
| mcp__probo__updateControl | Update control | organizationId, controlId |
| mcp__probo__linkControlDocument | Link control to document | organizationId, controlId, documentId |

| Tool | Description | Key Parameters |
|---|---|---|
| mcp__probo__listRisks | List all risks | organizationId |

| Tool | Description | Key Parameters |
|---|---|---|
| mcp__probo__listVendors | List all vendors | organizationId |

| Tool | Description | Key Parameters |
|---|---|---|
| mcp__probo__getMeasure | Get measure details | organizationId, measureId |
| mcp__probo__listTasks | List tasks | organizationId |

Just ask naturally - the MCP tools will be used automatically:
"List all documents in Probo"
-> Uses mcp__probo__listDocuments
"Show me the risks"
-> Uses mcp__probo__listRisks
"What controls are in our SOC 2 framework?"
-> Uses mcp__probo__listFrameworks then mcp__probo__listControls
"Link control CC1.1 to the Information Security Policy"
-> Uses mcp__probo__linkControlDocument

| Value | Description |
|---|---|
| MITIGATED | Controls reduce the risk |
| ACCEPTED | Risk accepted as-is |
| AVOIDED | Activity eliminated |
| TRANSFERRED | Risk shifted (insurance) |

| Score | Level |
|---|---|
| >=20 | Catastrophic |
| 12-19 | Critical |
| 5-11 | Marginal |
| 1-4 | Negligible |

| Status | Description |
|---|---|
| DRAFT | In development |
| APPROVED | Active policy |
| DEPRECATED | Retired |

For operations not covered by MCP tools, use the GraphQL API:

```bash
# SAFETY: the request body is built with jq so the query text is JSON-escaped
# (the queries below contain double quotes and newlines).
# Never interpolate unsanitized user input directly into the query string.
probo_query() {
  local body
  # --arg passes the query as a string value; jq emits valid JSON.
  body=$(jq -n --arg query "$1" '{query: $query}')
  curl -s -X POST "${PROBO_API_URL:-https://app.getprobo.com}/api/console/v1/query" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $PROBO_API_TOKEN" \
    -d "$body" | jq .
}
```
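The escaping concern in the safety comment, worked through as an added example (not Probo's code): a request body assembled by string splicing stops being valid JSON as soon as the query contains a double quote, while a serialized body with GraphQL variables keeps values out of the query text. The `ExportRisks` operation name, the `$id: ID!` declaration and the sample ID are assumptions made for the illustration.

```python
import json

# Assumed parameterized form of a risk export query; $id is a GraphQL variable.
QUERY = """
query ExportRisks($id: ID!) {
  node(id: $id) {
    ... on Organization {
      risks(first: 100) { edges { node { id name treatment } } }
    }
  }
}
"""

def naive_body(query: str) -> str:
    # Body assembled by splicing the query between quotes, with no escaping.
    return '{"query": "%s"}' % query

def safe_body(query: str, variables: dict) -> str:
    # json.dumps escapes quotes, backslashes and newlines; values travel in
    # "variables" and never become part of the query text.
    return json.dumps({"query": query, "variables": variables})

def is_valid_json(text: str) -> bool:
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

# Constructed sample value containing quote characters.
SAMPLE_ID = 'acme "staging"'

if __name__ == "__main__":
    inline = 'query { node(id: "org_123") { id } }'  # quotes inside the query
    print("spliced body is valid JSON:", is_valid_json(naive_body(inline)))
    body = safe_body(QUERY, {"id": SAMPLE_ID})
    print("serialized body is valid JSON:", is_valid_json(body))
    print("value round-trips unchanged:",
          json.loads(body)["variables"]["id"] == SAMPLE_ID)
```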
```graphql
mutation { createRisk(input: {
  organizationId: "$ORG_ID"
  name: "Risk Name"
  description: "Description"
  treatment: MITIGATED
  inherentLikelihood: 3
  inherentImpact: 4
}) { risk { id } }}
```

```graphql
mutation { createVendor(input: {
  organizationId: "$ORG_ID"
  name: "Vendor Name"
  description: "What they provide"
  serviceCriticality: HIGH
  riskTier: TIER_2
}) { vendorEdge { node { id } } }}
```

```graphql
mutation CreateMultipleRisks {
  risk1: createRisk(input: {
    organizationId: "$ORG_ID"
    name: "Data Breach Risk"
    description: "Unauthorized access to customer PII"
    treatment: MITIGATED
    inherentLikelihood: 4
    inherentImpact: 5
    residualLikelihood: 2
    residualImpact: 3
  }) { risk { id name } }
  risk2: createRisk(input: {
    organizationId: "$ORG_ID"
    name: "Vendor Dependency Risk"
    description: "Critical service unavailable due to vendor outage"
    treatment: MITIGATED
    inherentLikelihood: 3
    inherentImpact: 4
    residualLikelihood: 2
    residualImpact: 2
  }) { risk { id name } }
}
```

```graphql
mutation CreateVendors {
  vendor1: createVendor(input: {
    organizationId: "$ORG_ID"
    name: "Amazon Web Services"
    description: "Cloud infrastructure"
    serviceCriticality: CRITICAL
    riskTier: TIER_1
  }) { vendorEdge { node { id } } }
  vendor2: createVendor(input: {
    organizationId: "$ORG_ID"
    name: "Stripe"
    description: "Payment processing"
    serviceCriticality: CRITICAL
    riskTier: TIER_1
  }) { vendorEdge { node { id } } }
}
```

```graphql
query ControlsWithoutDocuments {
  node(id: "$ORG_ID") {
    ... on Organization {
      frameworks(first: 10) {
        edges {
          node {
            name
            controls(first: 200) {
              edges {
                node {
                  referenceID
                  name
                  policies { totalCount }
                  mesures { totalCount }
                }
              }
            }
          }
        }
      }
    }
  }
}
```

Filter results where policies.totalCount == 0 to find controls with no linked documents.
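
One way to apply that filter to the query result, as an added example (not Probo's code). The response below is constructed, trimmed to the fields the filter reads, and its control names are invented; the function refuses a response that carries GraphQL errors or no organization node, so a failed query is never reported as full coverage.

```python
def controls_without_documents(response: dict) -> list:
    """Return sorted (framework, referenceID, name) for controls with no linked policy."""
    # A failed or partial query must not be read as "no gaps".
    if response.get("errors"):
        raise ValueError("GraphQL errors: %r" % (response["errors"],))
    org = (response.get("data") or {}).get("node")
    if org is None:
        raise ValueError("organization node missing from response")
    gaps = []
    for fw_edge in org["frameworks"]["edges"]:
        framework = fw_edge["node"]
        for c_edge in framework["controls"]["edges"]:
            control = c_edge["node"]
            if control["policies"]["totalCount"] == 0:
                gaps.append((framework["name"], control["referenceID"], control["name"]))
    return sorted(gaps)

def _control(ref: str, name: str, policies: int) -> dict:
    # Helper that builds one constructed control edge.
    return {"node": {"referenceID": ref, "name": name,
                     "policies": {"totalCount": policies}}}

# Constructed response in the shape of the ControlsWithoutDocuments query.
SAMPLE_RESPONSE = {"data": {"node": {"frameworks": {"edges": [
    {"node": {"name": "SOC 2", "controls": {"edges": [
        _control("CC1.1", "Integrity and ethical values", 1),
        _control("CC7.2", "System monitoring", 0),
        _control("CC6.1", "Logical access", 0),
    ]}}},
]}}}}

# Constructed failure case: the API answered, but with an error and no data.
ERROR_RESPONSE = {"errors": [{"message": "unauthorized"}], "data": None}

if __name__ == "__main__":
    for framework, ref, name in controls_without_documents(SAMPLE_RESPONSE):
        print(f"{framework} {ref}: {name} has no linked document")
    try:
        controls_without_documents(ERROR_RESPONSE)
    except ValueError as exc:
        print("refused to report coverage:", exc)
```

The query asks for `controls(first: 200)`, so a framework with more controls than that needs a second page before the result can be treated as complete.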

```graphql
mutation UpdateRisk {
  updateRisk(input: {
    id: "RISK_ID"
    residualLikelihood: 1
    residualImpact: 2
    treatment: MITIGATED
  }) { risk { id residualLikelihood residualImpact } }
}
```

```bash
# Double quotes so the shell expands $ORG_ID; inner quotes are escaped.
# Export risks
probo_query "query { node(id: \"$ORG_ID\") { ... on Organization { risks(first: 100) { edges { node { id name treatment } } } } } }"
# Export vendors
probo_query "query { node(id: \"$ORG_ID\") { ... on Organization { vendors(first: 50) { edges { node { id name riskTier } } } } } }"
# Count summary
probo_query "query { node(id: \"$ORG_ID\") { ... on Organization { risks(first:1){totalCount} policies(first:1){totalCount} vendors(first:1){totalCount} } } }"
```

| Issue | Solution |
|---|---|
| MCP tools not found | Restart Claude Code, check .mcp.json |
| 401 Unauthorized | Verify PROBO_API_TOKEN in .env |
| Tool fails | Try GraphQL fallback |
npx claudepluginhub fsch/compliance-tools --plugin probo
<!-- AUTO-GENERATED by export-plugins.py — DO NOT EDIT -->