← 返回 Skills 市场
1kalin

Vendor Risk Assessment

作者 1kalin · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
501
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install vendor-risk-assessment
功能描述
Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilien...
安全使用建议
This skill appears coherent and limited to vendor research/reporting. Before installing or using it, consider: (1) Do not paste or upload confidential vendor contracts, credentials, or screenshots containing secrets into the agent — only provide non-sensitive vendor metadata. (2) The agent will perform open-ended web research (public sites, Crunchbase/LinkedIn, status pages), so confirm you are comfortable with public-source queries. (3) Verify any critical findings by obtaining vendor-supplied artifacts (e.g., SOC2 report) directly rather than relying solely on automated summaries. (4) If you need the agent to fetch private documents, require explicit controls (scoped, temporary credentials) and audit logging. Overall this skill is internally consistent with its purpose, but treat outputs as advisory and validate high-impact decisions with primary evidence.
功能分析
Type: OpenClaw Skill Name: vendor-risk-assessment Version: 1.0.0 The skill instructs the AI agent to perform extensive web research and access external websites (e.g., vendor websites, Crunchbase, LinkedIn, status pages) based on user-provided input, as detailed in the 'Research Process' section of `SKILL.md`. While the stated purpose is benign (vendor risk assessment), this direct interaction with untrusted external data and user-supplied URLs creates a significant vulnerability for prompt injection or other forms of exploitation against the AI agent's underlying capabilities. There is no explicit malicious intent found, but the inherent risk of uncontrolled external interaction warrants a 'suspicious' classification.
能力评估
Purpose & Capability
Name, description, and SKILL.md focus on researching and scoring vendors across security, privacy, compliance, financial, operational, and contractual dimensions. There are no declared env vars, binaries, or install steps that would be unrelated to that research task.
Instruction Scope
The runtime instructions direct the agent to 'research' the vendor (website, certifications, status pages, breach history, Crunchbase/LinkedIn, customer reviews). That is consistent with the purpose, but the guidance is open-ended: it implicitly requires web access and judgement about what sources to trust. It does not instruct the agent to read local files, access unspecified credentials, or transmit data to unexpected endpoints, but the open-ended research step could lead an agent to contact external services or include harvested public information in reports.
Install Mechanism
Instruction-only skill with no install spec, no code files, and nothing will be written to disk by the skill itself. This is the lowest-risk install profile.
Credentials
No environment variables, credentials, or config paths are required. The assessment relies on public research and user-supplied vendor details, which is proportionate to the stated functionality.
Persistence & Privilege
always is false and the skill does not request permanent system presence or modify other skills. Model invocation is allowed by default (normal for skills) but not combined with any additional privileged access.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install vendor-risk-assessment
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /vendor-risk-assessment 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release - third-party vendor risk scoring and mitigation
元数据
Slug vendor-risk-assessment
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Vendor Risk Assessment 是什么?

Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilien... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 501 次。

如何安装 Vendor Risk Assessment?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vendor-risk-assessment」即可一键安装,无需额外配置。

Vendor Risk Assessment 是免费的吗?

是的,Vendor Risk Assessment 完全免费(开源免费),可自由下载、安装和使用。

Vendor Risk Assessment 支持哪些平台?

Vendor Risk Assessment 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Vendor Risk Assessment?

由 1kalin(@1kalin)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论