Downloads: 501
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install vendor-risk-assessment
Description
Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilien...
Usage Guidance
This skill appears coherent and limited to vendor research/reporting. Before installing or using it, consider: (1) Do not paste or upload confidential vendor contracts, credentials, or screenshots containing secrets into the agent — only provide non-sensitive vendor metadata. (2) The agent will perform open-ended web research (public sites, Crunchbase/LinkedIn, status pages), so confirm you are comfortable with public-source queries. (3) Verify any critical findings by obtaining vendor-supplied artifacts (e.g., SOC2 report) directly rather than relying solely on automated summaries. (4) If you need the agent to fetch private documents, require explicit controls (scoped, temporary credentials) and audit logging. Overall this skill is internally consistent with its purpose, but treat outputs as advisory and validate high-impact decisions with primary evidence.
Capability Analysis
Type: OpenClaw Skill
Name: vendor-risk-assessment
Version: 1.0.0
The skill instructs the AI agent to perform extensive web research and access external websites (e.g., vendor websites, Crunchbase, LinkedIn, status pages) based on user-provided input, as detailed in the 'Research Process' section of `SKILL.md`. While the stated purpose is benign (vendor risk assessment), this direct interaction with untrusted external data and user-supplied URLs creates a significant vulnerability for prompt injection or other forms of exploitation against the AI agent's underlying capabilities. There is no explicit malicious intent found, but the inherent risk of uncontrolled external interaction warrants a 'suspicious' classification.
Capability Assessment
Purpose & Capability
Name, description, and SKILL.md focus on researching and scoring vendors across security, privacy, compliance, financial, operational, and contractual dimensions. There are no declared env vars, binaries, or install steps that would be unrelated to that research task.
Instruction Scope
The runtime instructions direct the agent to 'research' the vendor (website, certifications, status pages, breach history, Crunchbase/LinkedIn, customer reviews). That is consistent with the purpose, but the guidance is open-ended: it implicitly requires web access and judgement about what sources to trust. It does not instruct the agent to read local files, access unspecified credentials, or transmit data to unexpected endpoints, but the open-ended research step could lead an agent to contact external services or include harvested public information in reports.
Install Mechanism
Instruction-only skill with no install spec, no code files, and nothing will be written to disk by the skill itself. This is the lowest-risk install profile.
Credentials
No environment variables, credentials, or config paths are required. The assessment relies on public research and user-supplied vendor details, which is proportionate to the stated functionality.
Persistence & Privilege
`always` is false and the skill does not request permanent system presence or modify other skills. Model invocation is allowed by default (normal for skills) but not combined with any additional privileged access.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install vendor-risk-assessment`
- After installation, invoke the skill by name or use `/vendor-risk-assessment`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - third-party vendor risk scoring and mitigation
Frequently Asked Questions
What is Vendor Risk Assessment?
Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilien... It is an AI Agent Skill for Claude Code / OpenClaw, with 501 downloads so far.
How do I install Vendor Risk Assessment?
Run "/install vendor-risk-assessment" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vendor Risk Assessment free?
Yes, Vendor Risk Assessment is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Vendor Risk Assessment support?
Vendor Risk Assessment is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Vendor Risk Assessment?
It is built and maintained by 1kalin (@1kalin); the current version is v1.0.0.