How do I install Gibs MCP Server?

Install Gibs MCP Server with a single command: npx mdskills install buildsyncinc/gibs-mcp. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Gibs MCP Server?

Gibs MCP Server works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

Gibs MCP Server

Name: Gibs MCP Server: AI Agent Skill
Rating: 8 (1 reviews)
Author: buildsyncinc

Verified

MCP ServerDocumentationIntermediate

Regulatory compliance for AI-powered development tools — classify AI systems, check obligations, and get article-level citations across 240+ articles and 3 major regulations. Full Documentation · Get API Key · API Reference Gibs MCP Server connects your AI development environment directly to a regulatory compliance knowledge base. Currently covering: Every response includes article-level citations

by @buildsyncinc0Updated 1 weeks ago

Add this skill

npx mdskills install buildsyncinc/gibs-mcp

Fork & Edit

Skill Advisor8.0

Comprehensive regulatory compliance MCP server with strong tool descriptions and excellent examples

+Provides three well-documented tools with clear parameters and rich usage examples
+Includes detailed article-level citations across EU AI Act, GDPR, and DORA regulations
+Clear setup instructions with authentication options and client compatibility information
-Declares filesystem read and shell execution permissions that aren't justified by documented capabilities

SKILL.md

Edit in Browser

1# Gibs MCP Server
2 
3[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
4 
5**Regulatory compliance for AI-powered development tools** — classify AI systems, check obligations, and get article-level citations across 240+ articles and 3 major regulations.
6 
7[Full Documentation](https://docs.gibs.dev) · [Get API Key](https://gibs.dev) · [API Reference](https://docs.gibs.dev/api-reference)
8 
9---
10 
11## Overview
12 
13Gibs MCP Server connects your AI development environment directly to a regulatory compliance knowledge base. Currently covering:
14 
15| Regulation | Scope | Articles |
16|---|---|---|
17| **EU AI Act** | AI system classification, prohibited practices, obligations by risk level | 113 articles + 13 annexes |
18| **GDPR** | Data protection, processing obligations, data subject rights | 99 articles |
19| **DORA** | ICT risk management, incident reporting, third-party oversight for financial entities | 64 articles + 12 delegated/implementing acts |
20 
21Every response includes **article-level citations** to binding legal text, with real-time corpus updates as regulations evolve.
22 
23---
24 
25## Quick Start
26 
27### 1. Get an API Key
28 
29Sign up at [gibs.dev](https://gibs.dev) and grab your API key from the dashboard.
30 
31### 2. Connect via Claude Desktop
32 
33Add this to your Claude Desktop configuration file (`claude_desktop_config.json`):
34 
35```json
36{
37  "mcpServers": {
38    "gibs": {
39      "url": "https://mcp.gibs.dev/sse"
40    }
41  }
42}
43```
44 
45### 3. Authenticate
46 
47Pass your API key as the `user_api_key` parameter when calling any tool, or set it in your environment:
48 
49```bash
50export GIBS_API_KEY=your_api_key_here
51```
52 
53---
54 
55## Tools
56 
57### `classify_ai_system`
58 
59Classify an AI system under AI Act risk levels (unacceptable, high-risk, limited, minimal) with full legal reasoning.
60 
61| Parameter | Type | Required | Description |
62|---|---|---|---|
63| `description` | string | Yes | What the AI system does (10–5000 chars) |
64| `data_types` | list[string] | No | Types of data processed (e.g., `["biometric", "personal"]`) |
65| `decision_scope` | string | No | What decisions the system influences |
66| `sector` | string | No | Industry sector (e.g., `"healthcare"`, `"finance"`, `"hr"`) |
67 
68**Example prompt:**
69 
70> Classify my facial recognition attendance system for schools
71 
72**What you get back:**
73 
74- Risk classification (e.g., **high-risk** under Annex III, point 1(a))
75- Specific Article 6 analysis with Annex III cross-references
76- Applicable obligations based on classification
77- Relevant exemptions or exceptions, if any
78 
79---
80 
81### `check_compliance`
82 
83Ask any regulatory compliance question and get a structured answer with article-level citations.
84 
85| Parameter | Type | Required | Description |
86|---|---|---|---|
87| `question` | string | Yes | Compliance question (10–2000 chars) |
88| `system_description` | string | No | Context about your AI system or organization |
89| `regulation` | string | No | Target regulation: `"ai_act"`, `"gdpr"`, `"dora"`, or `"both"` (default: `"both"`) |
90 
91**Example prompts:**
92 
93> What are the GDPR requirements for a data breach notification?
94 
95Returns Article 33 (notification to supervisory authority) and Article 34 (communication to data subjects) obligations, including the 72-hour notification timeline, required content, and exceptions.
96 
97> Does DORA apply to a fintech startup processing payments?
98 
99Returns Article 2 scope analysis with financial entity classification, applicable ICT risk management obligations, and relevant delegated act requirements.
100 
101---
102 
103### `health_check`
104 
105Check if the compliance API is available. No parameters required.
106 
107---
108 
109## Usage Examples
110 
111### 1. AI System Classification
112 
113```
114You: Classify my facial recognition attendance system for schools
115 
116Gibs: This system is classified as HIGH-RISK under the EU AI Act.
117 
118- Article 6(2) read with Annex III, point 1(a): biometric identification
119  and categorisation of natural persons
120- As used in an educational context, also caught by Annex III, point 3(a):
121  AI systems intended to be used to determine access to educational institutions
122 
123Obligations include:
124- Risk management system (Article 9)
125- Data governance (Article 10)
126- Technical documentation (Article 11)
127- Record-keeping (Article 12)
128- Transparency to users (Article 13)
129- Human oversight (Article 14)
130- Accuracy, robustness, cybersecurity (Article 15)
131- Conformity assessment before placing on market (Article 43)
132```
133 
134### 2. GDPR Data Breach Obligations
135 
136```
137You: What are the GDPR requirements for a data breach notification?
138 
139Gibs: GDPR imposes two notification obligations following a personal data breach:
140 
1411. Notification to supervisory authority — Article 33
142   - Without undue delay and no later than 72 hours after becoming aware
143   - Must include: nature of breach, categories and approximate number of
144     data subjects, likely consequences, measures taken or proposed
145   - Exception: unlikely to result in a risk to rights and freedoms
146 
1472. Communication to data subjects — Article 34
148   - Required when breach is likely to result in a HIGH risk
149   - Must describe in clear and plain language the nature of the breach
150   - Not required if: appropriate technical safeguards applied (e.g.,
151     encryption), subsequent measures taken that eliminate the high risk,
152     or it would involve disproportionate effort (use public communication instead)
153 
154The controller must also document all breaches per Article 33(5), regardless
155of whether they meet the notification threshold.
156```
157 
158### 3. DORA Scope Analysis
159 
160```
161You: Does DORA apply to a fintech startup processing payments?
162 
163Gibs: Yes. Under Article 2(1), DORA applies to payment institutions as
164defined in Directive 2015/2366 (PSD2), which includes entities authorized
165to provide payment services.
166 
167As a financial entity under DORA, the startup must comply with:
168- ICT risk management framework (Chapter II, Articles 5–16)
169- ICT-related incident management and reporting (Chapter III, Articles 17–23)
170- Digital operational resilience testing (Chapter IV, Articles 24–27)
171- ICT third-party risk management (Chapter V, Articles 28–44)
172- Information-sharing arrangements (Chapter VI, Article 45)
173 
174Note: Proportionality applies — Article 4 allows competent authorities to
175consider the size, risk profile, and complexity of the financial entity when
176assessing compliance.
177```
178 
179---
180 
181## Connection Details
182 
183| | |
184|---|---|
185| **SSE Endpoint** | `https://mcp.gibs.dev/sse` |
186| **Protocol** | [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) over Server-Sent Events |
187| **Authentication** | API key from [gibs.dev](https://gibs.dev) dashboard |
188 
189---
190 
191## Supported Clients
192 
193Any MCP-compatible client can connect to the Gibs server. Tested with:
194 
195- [Claude Desktop](https://claude.ai/download)
196- [Claude Code](https://docs.anthropic.com/en/docs/claude-code)
197- [Cursor](https://cursor.sh)
198- Any client supporting the MCP SSE transport
199 
200---
201 
202## Links
203 
204- **Website:** [gibs.dev](https://gibs.dev)
205- **Documentation:** [docs.gibs.dev](https://docs.gibs.dev)
206- **API Reference:** [docs.gibs.dev/api-reference](https://docs.gibs.dev/api-reference)
207- **Python SDK:** [`pip install gibs`](https://pypi.org/project/gibs/)
208- **Status:** [status.gibs.dev](https://status.gibs.dev)
209 
210---
211 
212## License
213 
214MIT License. See [LICENSE](LICENSE) for details.
215 
216---
217 
218Built by [Gibbr AB](https://gibs.dev) — making regulatory compliance accessible for developers.
219

Full transparency — inspect the skill content before installing.