claw-grc-mcp-server
v1.0.0
Official MCP (Model Context Protocol) server for Claw GRC — the AI-native GRC platform. Connect any MCP-compatible AI assistant to your compliance data.
@claw-grc/mcp-server
Official MCP (Model Context Protocol) server for Claw GRC — the AI-native Governance, Risk, and Compliance platform.
Connect any MCP-compatible AI assistant (Claude, GPT-4, Cursor, etc.) directly to your Claw GRC workspace. Query compliance data, create security findings, manage tickets, and monitor agent trust scores — all from within your AI's context window.
Quick Start
1. Get Your API Key
Sign in to Claw GRC and generate an API key at Settings → API Keys.
API keys are prefixed with cgrc_.
2. Add to Claude Code
In your Claude Desktop or Claude Code MCP config:
{
  "mcpServers": {
    "claw-grc": {
      "command": "npx",
      "args": ["@claw-grc/mcp-server"],
      "env": {
        "CLAW_GRC_API_KEY": "cgrc_your_api_key_here"
      }
    }
  }
}
Mac: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
3. Start Using It
Claude can now access your Claw GRC data directly:
"What's our current SOC 2 compliance score?"
"List all critical security findings from this month."
"Create a ticket for the SQL injection finding, priority high, due in 7 days."
"Which AI agents have trust scores below 0.75?"
Available Tools
| Tool | Description |
|------|-------------|
| grc_list_frameworks | List active compliance frameworks (SOC 2, ISO 27001, EU AI Act, etc.) |
| grc_get_compliance_score | Get overall and per-framework compliance scores |
| grc_get_control_coverage | Get control implementation statistics |
| grc_list_controls | List controls filtered by framework or status |
| grc_list_findings | List security findings with severity/status filters |
| grc_get_findings_summary | Summary of all findings by severity and status |
| grc_create_finding | Report a new security finding |
| grc_create_ticket | Create a remediation ticket |
| grc_list_agents | List registered AI agents with trust scores |
| grc_get_agent_trust_score | Get detailed trust score breakdown for an agent |
| grc_trigger_scan | Trigger DAST, API, dependency, or cloud config scan |
| grc_list_evidence | List compliance evidence artifacts |
| grc_submit_evidence | Submit new compliance evidence |
| grc_list_tickets | List remediation tickets |
Example Prompts
Security review:
Review this code for OWASP LLM Top 10 vulnerabilities and create findings
in Claw GRC for anything you find above medium severity.
Compliance status:
Give me a complete compliance status report for our upcoming SOC 2 audit.
Focus on controls with stale or missing evidence.
Agent governance:
Audit our AI agent population. List any agents with trust scores below 0.75
and explain what's dragging their scores down.
Remediation planning:
Based on our open critical and high findings, create a prioritized remediation
plan with realistic timelines. Create tickets for the top 5.
OpenClaw Integration
For OpenClaw agents, this MCP server enables:
- Self-reporting: Agents submit their own compliance evidence
- Trust score queries: Agents check their own and other agents' trust scores
- Finding submission: Agents report security issues they discover
- Agent discovery: Agents find trusted collaborators by capability
# OpenClaw agent config
skill install @claw-grc/openclaw-skill
# Or via MCP:
{
  "mcpServers": {
    "claw-grc": {
      "command": "npx",
      "args": ["@claw-grc/mcp-server"],
      "env": {
        "CLAW_GRC_API_KEY": "cgrc_agent_key_here"
      }
    }
  }
}
Environment Variables
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| CLAW_GRC_API_KEY | Yes | — | API key (starts with cgrc_) |
| CLAW_GRC_API_URL | No | https://api.clawgrc.com | API base URL (for self-hosted) |
Security
- All API calls are authenticated via your API key
- Every MCP tool invocation is logged in Claw GRC's immutable audit trail
- API keys are scoped to your organization
- No data is stored or transmitted to any third party by this package
- Rotate API keys at: https://app.clawgrc.com/dashboard/settings
Troubleshooting
"CLAW_GRC_API_KEY environment variable is required"
Set the CLAW_GRC_API_KEY environment variable. See Quick Start above.
"API 401: Unauthorized"
Your API key may have expired or been revoked. Generate a new one at Settings → API Keys.
"API 403: Forbidden"
Your API key doesn't have permission for this operation. Check your key's scope.
Claude doesn't show Claw GRC tools
- Restart Claude after editing the config file
- Verify the config file is valid JSON
- Check Claude's logs for MCP server errors
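The config checks from Troubleshooting and the Environment Variables table can be run before restarting Claude. The following is an added example, not code from the @claw-grc/mcp-server package: the function name `checkClawGrcConfig`, the sample values and the https-only rule for CLAW_GRC_API_URL are assumptions made here, while the config shape, the cgrc_ prefix and the placeholder keys come from this README.

```javascript
// Added example: pre-flight check for the "claw-grc" entry of an MCP config.
// Rules are taken from this README; the https-only rule is an assumption.
const PKG = "@claw-grc/mcp-server";
const PLACEHOLDERS = new Set(["cgrc_your_api_key_here", "cgrc_agent_key_here"]);

function checkClawGrcConfig(configText) {
  let config;
  try {
    config = JSON.parse(configText);
  } catch (err) {
    return [`config is not valid JSON: ${err.message}`];
  }
  const server = config && config.mcpServers && config.mcpServers["claw-grc"];
  if (!server || typeof server !== "object") {
    return ['no "claw-grc" entry under "mcpServers"'];
  }
  const problems = [];
  // Accept the exact package name or a version-pinned form (name@version) only.
  const args = Array.isArray(server.args) ? server.args.map(String) : [];
  if (!args.some((a) => a === PKG || a.startsWith(PKG + "@"))) {
    problems.push(`"args" does not launch ${PKG}`);
  }
  const env = server.env || {};
  const key = env.CLAW_GRC_API_KEY;
  if (typeof key !== "string" || key === "") {
    problems.push("CLAW_GRC_API_KEY is missing");
  } else if (!key.startsWith("cgrc_")) {
    problems.push("CLAW_GRC_API_KEY does not start with cgrc_");
  } else if (PLACEHOLDERS.has(key)) {
    problems.push("CLAW_GRC_API_KEY is still the README placeholder");
  }
  if (env.CLAW_GRC_API_URL !== undefined) {
    let url = null;
    try { url = new URL(env.CLAW_GRC_API_URL); } catch (err) { /* reported below */ }
    if (!url) problems.push("CLAW_GRC_API_URL is not a valid URL");
    else if (url.protocol !== "https:") {
      problems.push("CLAW_GRC_API_URL is not https, so the key would travel in cleartext");
    }
  }
  return problems;
}

// Constructed sample: placeholder key plus a plain-http self-hosted URL.
const sampleConfig = JSON.stringify({
  mcpServers: { "claw-grc": { command: "npx", args: [PKG],
    env: { CLAW_GRC_API_KEY: "cgrc_your_api_key_here",
           CLAW_GRC_API_URL: "http://grc.internal.example" } } },
});
console.log(checkClawGrcConfig(sampleConfig));
```

An empty array means the entry passed every check; pass the function the text of claude_desktop_config.json to check a real file.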
Links
- Claw GRC: https://clawgrc.com
- Documentation: https://docs.clawgrc.com/mcp
- API Reference: https://api.clawgrc.com/docs
- GitHub: https://github.com/onefrequency/claw-grc-mcp-server
- Issues: https://github.com/onefrequency/claw-grc-mcp-server/issues
- Support: [email protected]
License
Apache 2.0 — see LICENSE for details.
Built with ❤️ by One Frequency Inc — SDVOSB
