Skill

policy-graph

Navigates cnspec policy/framework bundles with graph commands—search, trace relationships, and view context for checks, frameworks, and controls.

security

npx claudepluginhub mondoohq/cnspec

Popularity

Stars

434

Forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/cnspec-skills:policy-graph

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

BashReadGlobGrep

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Navigate and understand cnspec policy bundles (`.mql.yaml` files) using structured graph commands.

Supporting Files

README.mdcommands/policy-graph.mdreferences/graph-commands.mdreferences/navigation-patterns.md

SKILL.md

58 lines · ~640 tokens

Similar Skills

grc-knowledge

145

Provides senior GRC analyst expertise across 15 frameworks including NIST 800-53, FedRAMP, FISMA, CMMC, SOC 2, ISO 27001. Supports control lookups, cross-mapping, document review, audit prep, compliance workflows.

20 files

grc

policy-lifecycle

256

Manages policy documents through full lifecycle: drafts from templates, analyzes gaps against frameworks, tracks versions, schedules reviews, and handles approvals.

4 tools

grc-internal

map-frameworks

Maps security controls across frameworks like ISO 27001, SOC 2, NIST CSF, CIS Controls, NIST 800-53, COBIT. Generates matrices, gap analyses, unified sets, evidence maps, and implementation roadmaps for compliance.

2 tools

compliance-planning

Stats

LanguageGo

Stars434

Forks35

MaintenanceExcellent

Last CommitMay 24, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

cnspec Policy Graph Navigation

Navigate and understand cnspec policy bundles (.mql.yaml files) using structured graph commands.

When to Use

Exploring policy bundle structure ("what checks does this policy have?")
Finding compliance mappings ("which framework controls map to this check?")
Tracing relationships ("how does this framework relate to that check?")
Understanding large bundles (10K+ line .mql.yaml files)
Getting context for a specific check with its MQL code, impact, and docs

When NOT to Use

Scanning assets with cnspec (cnspec scan)
Writing MQL queries
Linting bundles (cnspec policy lint)
Editing policy YAML directly (use the Read/Edit tools for that)

Commands Reference

Command	Purpose
`cnspec policy graph search <query> <path>`	Find nodes by name, title, or UID
`cnspec policy graph callers <uid> <path>`	What references this node (inbound edges)
`cnspec policy graph callees <uid> <path>`	What this node contains/references (outbound edges)
`cnspec policy graph context <uid> <path> [--depth N]`	LLM-friendly context with YAML snippets
`cnspec policy graph paths <from> <to> <path>`	Find paths between two nodes
`cnspec policy graph reachable <uid> <path>`	All nodes transitively reachable
`cnspec policy graph export <path> [--format json\|dot]`	Export full graph

All commands support --json for structured output. Search also supports --kind, --tag, --impact, and --limit.

Graph Concepts

Node Types

policy: A security policy (e.g., mondoo-linux-security)
group: A group of checks within a policy (e.g., "SSH Configuration")
check: A scoring query with MQL code and impact rating
query: A data-only query (no scoring)
framework: A compliance framework (e.g., CIS Benchmark, ISO 27001)
control: A control within a framework (e.g., CIS 5.2.1)
framework_map: Maps framework controls to policy checks

Edge Types

contains: Structural parent-child (policy → group → check, framework → control)
maps_to: Compliance mapping (control → check/policy via framework_map)
depends_on: Policy/framework dependencies
variant_of: Check variant relationship (parent → platform-specific variant)

policy-graph

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

policy-graph

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

cnspec Policy Graph Navigation

When to Use

When NOT to Use

Commands Reference

Graph Concepts

Node Types

Edge Types

Similar Skills

Help us improve

cnspec Policy Graph Navigation

When to Use

When NOT to Use

Commands Reference

Graph Concepts

Node Types

Edge Types