Vendor Performance Audit

by flynndavid · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads 357
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install vendor-performance-audit
Description
Conduct quarterly vendor reviews using KPI scoring across delivery, quality, communication, cost, and alignment to guide renewal, improvement, or offboarding...
Usage Guidance
This skill is essentially a human-facing audit template with clear scoring rules — useful — but it expects the agent to "pull ticket data, delivery logs, or incident records" without specifying how to connect to those systems. Before installing or enabling the skill:
- Confirm which ticketing/log systems (JIRA, ServiceNow, Zendesk, PagerDuty, S3/cloud logs, internal DB) the agent will access and how credentials will be provided.
- Prefer read-only, scoped credentials and explicit allowlists (only vendor X records for date range Y).
- Ask the publisher for details on what data the agent will read/store and where any generated reports are persisted or transmitted.
- Test on a non-production or sample vendor dataset first.
- Ensure audit logging is enabled (who/when the agent accessed records).

If the publisher cannot explain how data access will be scoped, treat the skill as higher risk — do not grant wide access to internal ticketing or logs.
Capability Analysis
Type: OpenClaw Skill
Name: vendor-performance-audit
Version: 1.0.0

The skill bundle defines a legitimate vendor performance audit process. However, the `SKILL.md` file instructs the AI agent to "Pull ticket data, delivery logs, or incident records." While this is plausibly needed for the stated purpose, it implies the agent requires access to potentially sensitive internal systems and data sources. This represents a significant risky capability that, if not properly secured by the OpenClaw platform or the agent's execution environment, could lead to unauthorized data access or exposure, classifying it as suspicious rather than benign due to the inherent risk of such data access capabilities.
Capability Assessment
Purpose & Capability
The name, description, and scoring framework align with a vendor-performance audit. However, the SKILL.md repeatedly requires the agent to "pull ticket data, delivery logs, or incident records" and to review incident logs — capabilities that normally require credentials or integrations (JIRA, ServiceNow, Zendesk, cloud logging, ticket DBs). The skill does not declare any required credentials or integrations, so there is a mild mismatch between expected data access and declared requirements.
Instruction Scope
Instructions are operational and actionable (scorecard, weighted calculation, incident severity modifiers, improvement-plan template). They explicitly direct the agent to obtain evidence from ticket systems and logs and to review incident histories. Those directives are useful for the audit purpose but are vague about which systems/sources to use and grant the agent broad discretion to access any available records — this is scope creep that could result in the agent reading sensitive internal files or services if permitted.
Install Mechanism
No install spec and no code files; the skill is instruction-only. This minimizes filesystem/remote-code risk — nothing is downloaded or executed by the skill package itself.
Credentials
The skill declares no required environment variables or credentials, yet its runtime instructions require access to potentially sensitive systems (ticketing/incident logs, delivery logs). The absence of declared credentials or integration requirements is disproportionate to the data the skill asks for and leaves unclear how the agent should be given access (and whether that access will be scoped/read-only).
Persistence & Privilege
The skill is not set to always: true, and model invocation is not disabled (normal). It does not request persistence or system-level configuration changes. There is no explicit privilege escalation or modification of other skills' configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vendor-performance-audit
  3. After installation, invoke the skill by name or use /vendor-performance-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the Vendor Performance Audit skill.
- Provides a structured quarterly audit system for vendor evaluation using a weighted KPI scorecard.
- Includes phase-based process: scoring, composite tier assignment, incident log review, improvement planning, and offboarding criteria.
- Designed for regular reviews, triggered incidents, or pre-renewal assessments.
- Includes templates for improvement plans and audit scheduling.
Metadata
Slug vendor-performance-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Vendor Performance Audit?

Conduct quarterly vendor reviews using KPI scoring across delivery, quality, communication, cost, and alignment to guide renewal, improvement, or offboarding... It is an AI Agent Skill for Claude Code / OpenClaw, with 357 downloads so far.

How do I install Vendor Performance Audit?

Run "/install vendor-performance-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vendor Performance Audit free?

Yes, Vendor Performance Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Vendor Performance Audit support?

Vendor Performance Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Vendor Performance Audit?

It is built and maintained by flynndavid (@flynndavid); the current version is v1.0.0.
