supplier-risk-scoring
Author: flynndavid · GitHub · v1.0.0
Total downloads: 285
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install supplier-risk-scoring
Description
Generates a 0-100 Supplier Risk Index score across financial, dependency, compliance, performance, and geographic risks with tiered action plans.
Safe-use recommendations
This skill is a reusable rubric — it doesn't install code or ask for credentials — but it expects you (or the agent) to gather potentially sensitive vendor data from third parties or to upload vendor financial/legal documents. Before using it: (1) Confirm how you will supply data (manual input vs. agent web access vs. paid API) and whether you need to provide any API keys or paid reports; (2) Do not paste confidential vendor contracts, bank account details, or personally identifying customer data into an agent unless you are comfortable with where that data will be stored or transmitted; (3) If you want automated lookups (D&B, Experian, SEC), plan for legitimate API access and validate licensing; (4) Consider organizational privacy/compliance policies for sharing vendor financials and legal histories; (5) If you allow autonomous agent invocation, supervise first runs to ensure the agent requests and handles only the data you intend it to collect. I have moderate confidence because the provided SKILL.md appears coherent, but I could not review the file beyond what was supplied — if the full SKILL.md contains hidden instructions to access local files, environment variables, or to call arbitrary external endpoints, reassess and share those sections for a more confident evaluation.
Functional analysis
Type: OpenClaw Skill
Name: supplier-risk-scoring
Version: 1.0.0
The skill bundle provides a detailed framework for supplier risk scoring, including assessment criteria, scoring rubrics, and recommended actions. All content in `_meta.json` and `SKILL.md` is descriptive and instructional, aligning perfectly with the stated purpose of risk management. There are no instructions for the AI agent to perform unauthorized actions, exfiltrate data, install backdoors, or engage in any other malicious behavior. The suggested 'Google News search' in `SKILL.md` is a descriptive data source for a legitimate purpose, not an imperative command for malicious prompt injection.
Capability assessment
Purpose & Capability
The name and description (Supplier Risk Index, 0-100 score across five dimensions) match the SKILL.md content. The skill is instruction-only and requires no binaries, installs, or credentials — which is coherent for a rubric/assessment tool that expects human-supplied inputs or public research rather than automated API integration.
Instruction Scope
The instructions tell the agent/user to collect data from public/third-party sources (Dun & Bradstreet, SEC filings, LinkedIn, news, vendor-supplied financials) and to evaluate multiple vendor-specific indicators. The SKILL.md does not instruct the agent to read arbitrary local files or environment variables, nor to transmit data to unknown endpoints. However, it does implicitly expect either manual input or web lookups of potentially sensitive vendor financial and legal data; the skill does not provide integration steps or API keys for paid sources, so the workload falls to the user or the agent's web access. This creates privacy/operational considerations (see guidance).
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes installation risk (nothing is written to disk or executed by default).
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The external data sources mentioned are appropriate to the purpose, but the SKILL.md does not request API keys or credentials — meaning the user must either supply data manually or provide their own credentials if they want automated lookups.
Persistence & Privilege
always is false and there are no indications the skill requests persistent system privileges or modifies other skills. The skill is user-invocable and may be invoked autonomously by the agent (platform default); this is normal and not by itself concerning.
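How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install supplier-risk-scoring`
- Once installation completes, call the Skill by name or use `/supplier-risk-scoring` to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output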
Version history
v1.0.0
Supplier Risk Scoring System – Initial Release
- Launches version 1.0.0, introducing the Supplier Risk Index (SRI) framework.
- Provides a 0–100 risk ("health") score across five risk dimensions for every vendor.
- Defines tier classifications (Green/Yellow/Red) and recommends action plans based on scores.
- Establishes clear scoring rubrics, data sources, and escalation actions for each risk area.
- Supports use at vendor onboarding, annual reviews, and change events for objective, consistent risk assessment.
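FAQ
What is supplier-risk-scoring?
Generates a 0-100 Supplier Risk Index score across financial, dependency, compliance, performance, and geographic risks with tiered action plans. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 285 cumulative downloads to date.
How do I install supplier-risk-scoring?
Run the command `/install supplier-risk-scoring` in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is supplier-risk-scoring free?
Yes, supplier-risk-scoring is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does supplier-risk-scoring support?
supplier-risk-scoring runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed supplier-risk-scoring?
It is developed and maintained by flynndavid (@flynndavid); the current version is v1.0.0.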