flynndavid

Vendor Performance Audit

Author: flynndavid · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 357
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install vendor-performance-audit
Description
Conduct quarterly vendor reviews using KPI scoring across delivery, quality, communication, cost, and alignment to guide renewal, improvement, or offboarding...
Security usage recommendations
This skill is essentially a human-facing audit template with clear scoring rules — useful — but it expects the agent to "pull ticket data, delivery logs, or incident records" without specifying how to connect to those systems. Before installing or enabling the skill:
- Confirm which ticketing/log systems (JIRA, ServiceNow, Zendesk, PagerDuty, S3/cloud logs, internal DB) the agent will access and how credentials will be provided.
- Prefer read-only, scoped credentials and explicit allowlists (only vendor X records for date range Y).
- Ask the publisher for details on what data the agent will read/store and where any generated reports are persisted or transmitted.
- Test on a non-production or sample vendor dataset first.
- Ensure audit logging is enabled (who/when the agent accessed records).
If the publisher cannot explain how data access will be scoped, treat the skill as higher risk — do not grant wide access to internal ticketing or logs.
Functional analysis
Type: OpenClaw Skill
Name: vendor-performance-audit
Version: 1.0.0
The skill bundle defines a legitimate vendor performance audit process. However, the `SKILL.md` file instructs the AI agent to "Pull ticket data, delivery logs, or incident records." While this is plausibly needed for the stated purpose, it implies the agent requires access to potentially sensitive internal systems and data sources. This represents a significant risky capability that, if not properly secured by the OpenClaw platform or the agent's execution environment, could lead to unauthorized data access or exposure, classifying it as suspicious rather than benign due to the inherent risk of such data access capabilities.
Capability assessment
Purpose & Capability
The name, description, and scoring framework align with a vendor-performance audit. However, the SKILL.md repeatedly requires the agent to "pull ticket data, delivery logs, or incident records" and to review incident logs — capabilities that normally require credentials or integrations (JIRA, ServiceNow, Zendesk, cloud logging, ticket DBs). The skill does not declare any required credentials or integrations, so there is a mild mismatch between expected data access and declared requirements.
Instruction Scope
Instructions are operational and actionable (scorecard, weighted calculation, incident severity modifiers, improvement-plan template). They explicitly direct the agent to obtain evidence from ticket systems and logs and to review incident histories. Those directives are useful for the audit purpose but are vague about which systems/sources to use and grant the agent broad discretion to access any available records — this is scope creep that could result in the agent reading sensitive internal files or services if permitted.
Install Mechanism
No install spec and no code files; the skill is instruction-only. This minimizes filesystem/remote-code risk — nothing is downloaded or executed by the skill package itself.
Credentials
The skill declares no required environment variables or credentials, yet its runtime instructions require access to potentially sensitive systems (ticketing/incident logs, delivery logs). The absence of declared credentials or integration requirements is disproportionate to the data the skill asks for and leaves unclear how the agent should be given access (and whether that access will be scoped/read-only).
Persistence & Privilege
The skill is not set to always: true, and model invocation is not disabled (normal). It does not request persistence or system-level configuration changes. There is no explicit privilege escalation or modification of other skills' configs.
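How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install vendor-performance-audit
  3. Once installation completes, call the Skill by name or trigger it with /vendor-performance-audit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history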
v1.0.0
- Initial release of the Vendor Performance Audit skill.
- Provides a structured quarterly audit system for vendor evaluation using a weighted KPI scorecard.
- Includes phase-based process: scoring, composite tier assignment, incident log review, improvement planning, and offboarding criteria.
- Designed for regular reviews, triggered incidents, or pre-renewal assessments.
- Includes templates for improvement plans and audit scheduling.
Metadata
Slug: vendor-performance-audit
Version: 1.0.0
License:
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

What is Vendor Performance Audit?

Conduct quarterly vendor reviews using KPI scoring across delivery, quality, communication, cost, and alignment to guide renewal, improvement, or offboarding... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 357 total downloads to date.

How do I install Vendor Performance Audit?

Run the command "/install vendor-performance-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Vendor Performance Audit free?

Yes, Vendor Performance Audit is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Vendor Performance Audit support?

Vendor Performance Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Vendor Performance Audit?

It is developed and maintained by flynndavid (@flynndavid); the current version is v1.0.0.
