{
  "schemaVersion": "1.0",
  "item": {
    "slug": "afrexai-vendor-risk",
    "name": "Vendor Risk Assessment",
    "source": "tencent",
    "type": "skill",
    "category": "金融交易",
    "sourceUrl": "https://clawhub.ai/1kalin/afrexai-vendor-risk",
    "canonicalUrl": "https://clawhub.ai/1kalin/afrexai-vendor-risk",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/afrexai-vendor-risk",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-vendor-risk",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/afrexai-vendor-risk"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/afrexai-vendor-risk",
    "agentPageUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Vendor Risk Assessment",
        "body": "Score and manage third-party vendor risk across security, financial stability, compliance, operational dependency, and data handling. Built for procurement teams, CISOs, and operations leaders managing 10+ vendors."
      },
      {
        "title": "Usage",
        "body": "Run this assessment for each critical vendor. Aggregate scores into a portfolio risk view."
      },
      {
        "title": "1. Vendor Risk Scorecard (5 Domains, 0-100 each)",
        "body": "Security Posture (0-100)\n\nSOC 2 Type II current? (+20)\nPenetration test within 12 months? (+15)\nIncident response plan documented? (+15)\nData encryption at rest and transit? (+15)\nMFA enforced for all access? (+10)\nSecurity questionnaire completed? (+10)\nSubprocessor list disclosed? (+15)\n\nFinancial Stability (0-100)\n\nRevenue trend (growing +25, flat +10, declining 0)\nFunding runway >18 months? (+20)\nCustomer concentration <20%? (+15)\nPublic financials or audited statements? (+15)\nNo material litigation? (+15)\nCredit rating acceptable? (+10)\n\nCompliance & Regulatory (0-100)\n\nIndustry certifications current? (+20)\nGDPR/CCPA compliant? (+20)\nData processing agreement signed? (+15)\nRegulatory audit history clean? (+15)\nRight to audit clause? (+15)\nData residency requirements met? (+15)\n\nOperational Dependency (0-100)\n\nSLA with financial penalties? (+20)\nUptime >99.9% trailing 12 months? (+20)\nDisaster recovery tested annually? (+15)\nSingle point of failure for your business? (-20)\nMigration plan documented? (+15)\nAPI/export capability? (+15)\nVendor lock-in risk assessment? (+15)\n\nData Handling (0-100)\n\nData classification documented? (+20)\nRetention/deletion policies clear? (+20)\nBreach notification <72 hours? (+20)\nData portability guaranteed? (+15)\nAI/ML training on your data? (opt-out available +15, no opt-out -10)\nAccess logging and audit trail? (+10)"
      },
      {
        "title": "2. Risk Tier Classification",
        "body": "Aggregate Score\tTier\tReview Cadence\tAction\n400-500\tLow Risk\tAnnual\tStandard monitoring\n300-399\tModerate\tSemi-annual\tRemediation plan required\n200-299\tHigh Risk\tQuarterly\tExecutive escalation, alternatives identified\n0-199\tCritical\tMonthly\tExit plan required within 90 days"
      },
      {
        "title": "3. Portfolio Risk View",
        "body": "Total vendors: ___\nCritical tier: ___ (target: 0)\nHigh risk: ___ (target: <10%)\nModerate: ___ (target: <30%)\nLow risk: ___ (target: >60%)\n\nTop 3 concentration risks:\n1. [Vendor] — [function] — [% of operations dependent]\n2. [Vendor] — [function] — [% of operations dependent]\n3. [Vendor] — [function] — [% of operations dependent]\n\nAnnual vendor spend: $___\nSpend on high/critical vendors: $___  (___%)"
      },
      {
        "title": "4. Cost of Vendor Failure",
        "body": "Impact Area\tCalculation\nRevenue loss\tDaily revenue × expected downtime days\nRecovery cost\tMigration estimate + emergency procurement\nCompliance penalty\tRegulatory fine range for data breach via vendor\nReputation damage\tCustomer churn rate × LTV × affected customers\nOperational disruption\tStaff idle cost × recovery period"
      },
      {
        "title": "5. Quarterly Review Template",
        "body": "Score changes since last review (flag any >10 point drops)\nNew subprocessors added by vendor\nSLA performance vs target\nSecurity incidents or near-misses\nContract renewal timeline and negotiation leverage\nAlternative vendor benchmarking"
      },
      {
        "title": "6. Red Flags (Immediate Action)",
        "body": "Vendor acquired by competitor\nKey personnel departures (CISO, CTO)\nDowntime exceeding SLA 2+ months\nRegulatory action or investigation\nRefusal to complete security questionnaire\nData breach affecting other customers\nSudden pricing changes >20%"
      },
      {
        "title": "Industry-Specific Vendor Risks",
        "body": "Industry\tCritical Vendor Category\tSpecific Risk\nHealthcare\tEHR, billing, telehealth\tHIPAA BAA gaps, PHI exposure\nFinancial Services\tCore banking, payments, KYC\tPCI DSS, regulatory reporting\nLegal\tCase management, ediscovery\tPrivilege breach, client data\nSaaS\tInfrastructure, auth, payments\tCascading outages, PII\nManufacturing\tMES, supply chain, IoT\tIP theft, production stoppage\nConstruction\tProject management, safety\tCompliance documentation gaps\nEcommerce\tPayments, fulfillment, CDN\tPCI, availability during peak\nRecruitment\tATS, background check, payroll\tCandidate PII, bias in AI screening\nReal Estate\tMLS, transaction mgmt, title\tWire fraud, closing delays\nProfessional Services\tCRM, billing, document mgmt\tClient confidentiality breach"
      },
      {
        "title": "Get the Full Playbook",
        "body": "AI Revenue Leak Calculator — Quantify your total automation opportunity\nIndustry Context Packs — $47 each, deep-dive playbooks\nAgent Setup Wizard — Build your AI agent workforce"
      }
    ],
    "body": "Vendor Risk Assessment\n\nScore and manage third-party vendor risk across security, financial stability, compliance, operational dependency, and data handling. Built for procurement teams, CISOs, and operations leaders managing 10+ vendors.\n\nUsage\n\nRun this assessment for each critical vendor. Aggregate scores into a portfolio risk view.\n\nAssessment Framework\n1. Vendor Risk Scorecard (5 Domains, 0-100 each)\n\nSecurity Posture (0-100)\n\nSOC 2 Type II current? (+20)\nPenetration test within 12 months? (+15)\nIncident response plan documented? (+15)\nData encryption at rest and transit? (+15)\nMFA enforced for all access? (+10)\nSecurity questionnaire completed? (+10)\nSubprocessor list disclosed? (+15)\n\nFinancial Stability (0-100)\n\nRevenue trend (growing +25, flat +10, declining 0)\nFunding runway >18 months? (+20)\nCustomer concentration <20%? (+15)\nPublic financials or audited statements? (+15)\nNo material litigation? (+15)\nCredit rating acceptable? (+10)\n\nCompliance & Regulatory (0-100)\n\nIndustry certifications current? (+20)\nGDPR/CCPA compliant? (+20)\nData processing agreement signed? (+15)\nRegulatory audit history clean? (+15)\nRight to audit clause? (+15)\nData residency requirements met? (+15)\n\nOperational Dependency (0-100)\n\nSLA with financial penalties? (+20)\nUptime >99.9% trailing 12 months? (+20)\nDisaster recovery tested annually? (+15)\nSingle point of failure for your business? (-20)\nMigration plan documented? (+15)\nAPI/export capability? (+15)\nVendor lock-in risk assessment? (+15)\n\nData Handling (0-100)\n\nData classification documented? (+20)\nRetention/deletion policies clear? (+20)\nBreach notification <72 hours? (+20)\nData portability guaranteed? (+15)\nAI/ML training on your data? (opt-out available +15, no opt-out -10)\nAccess logging and audit trail? (+10)\n2. 
Risk Tier Classification\nAggregate Score\tTier\tReview Cadence\tAction\n400-500\tLow Risk\tAnnual\tStandard monitoring\n300-399\tModerate\tSemi-annual\tRemediation plan required\n200-299\tHigh Risk\tQuarterly\tExecutive escalation, alternatives identified\n0-199\tCritical\tMonthly\tExit plan required within 90 days\n3. Portfolio Risk View\nTotal vendors: ___\nCritical tier: ___ (target: 0)\nHigh risk: ___ (target: <10%)\nModerate: ___ (target: <30%)\nLow risk: ___ (target: >60%)\n\nTop 3 concentration risks:\n1. [Vendor] — [function] — [% of operations dependent]\n2. [Vendor] — [function] — [% of operations dependent]\n3. [Vendor] — [function] — [% of operations dependent]\n\nAnnual vendor spend: $___\nSpend on high/critical vendors: $___  (___%)\n\n4. Cost of Vendor Failure\nImpact Area\tCalculation\nRevenue loss\tDaily revenue × expected downtime days\nRecovery cost\tMigration estimate + emergency procurement\nCompliance penalty\tRegulatory fine range for data breach via vendor\nReputation damage\tCustomer churn rate × LTV × affected customers\nOperational disruption\tStaff idle cost × recovery period\n5. Quarterly Review Template\nScore changes since last review (flag any >10 point drops)\nNew subprocessors added by vendor\nSLA performance vs target\nSecurity incidents or near-misses\nContract renewal timeline and negotiation leverage\nAlternative vendor benchmarking\n6. 
Red Flags (Immediate Action)\nVendor acquired by competitor\nKey personnel departures (CISO, CTO)\nDowntime exceeding SLA 2+ months\nRegulatory action or investigation\nRefusal to complete security questionnaire\nData breach affecting other customers\nSudden pricing changes >20%\nIndustry-Specific Vendor Risks\nIndustry\tCritical Vendor Category\tSpecific Risk\nHealthcare\tEHR, billing, telehealth\tHIPAA BAA gaps, PHI exposure\nFinancial Services\tCore banking, payments, KYC\tPCI DSS, regulatory reporting\nLegal\tCase management, ediscovery\tPrivilege breach, client data\nSaaS\tInfrastructure, auth, payments\tCascading outages, PII\nManufacturing\tMES, supply chain, IoT\tIP theft, production stoppage\nConstruction\tProject management, safety\tCompliance documentation gaps\nEcommerce\tPayments, fulfillment, CDN\tPCI, availability during peak\nRecruitment\tATS, background check, payroll\tCandidate PII, bias in AI screening\nReal Estate\tMLS, transaction mgmt, title\tWire fraud, closing delays\nProfessional Services\tCRM, billing, document mgmt\tClient confidentiality breach\nGet the Full Playbook\nAI Revenue Leak Calculator — Quantify your total automation opportunity\nIndustry Context Packs — $47 each, deep-dive playbooks\nAgent Setup Wizard — Build your AI agent workforce"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/1kalin/afrexai-vendor-risk",
    "publisherUrl": "https://clawhub.ai/1kalin/afrexai-vendor-risk",
    "owner": "1kalin",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk",
    "downloadUrl": "https://openagent3.xyz/downloads/afrexai-vendor-risk",
    "agentUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent.md"
  }
}