# Send Vendor Risk Assessment to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "afrexai-vendor-risk",
    "name": "Vendor Risk Assessment",
    "source": "tencent",
    "type": "skill",
    "category": "金融交易",
    "sourceUrl": "https://clawhub.ai/1kalin/afrexai-vendor-risk",
    "canonicalUrl": "https://clawhub.ai/1kalin/afrexai-vendor-risk",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/afrexai-vendor-risk",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-vendor-risk",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "afrexai-vendor-risk",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T06:06:31.849Z",
      "expiresAt": "2026-05-06T06:06:31.849Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-vendor-risk",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-vendor-risk",
        "contentDisposition": "attachment; filename=\"afrexai-vendor-risk-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "afrexai-vendor-risk"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/afrexai-vendor-risk"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk",
    "downloadUrl": "https://openagent3.xyz/downloads/afrexai-vendor-risk",
    "agentUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-vendor-risk/agent.md"
  }
}
```
## Documentation

### Vendor Risk Assessment

Score and manage third-party vendor risk across security, financial stability, compliance, operational dependency, and data handling. Built for procurement teams, CISOs, and operations leaders managing 10+ vendors.

### Usage

Run this assessment for each critical vendor. Aggregate scores into a portfolio risk view.

### 1. Vendor Risk Scorecard (5 Domains, 0-100 each)

Security Posture (0-100)

SOC 2 Type II current? (+20)
Penetration test within 12 months? (+15)
Incident response plan documented? (+15)
Data encryption at rest and transit? (+15)
MFA enforced for all access? (+10)
Security questionnaire completed? (+10)
Subprocessor list disclosed? (+15)

Financial Stability (0-100)

Revenue trend (growing +25, flat +10, declining 0)
Funding runway >18 months? (+20)
Customer concentration <20%? (+15)
Public financials or audited statements? (+15)
No material litigation? (+15)
Credit rating acceptable? (+10)

Compliance & Regulatory (0-100)

Industry certifications current? (+20)
GDPR/CCPA compliant? (+20)
Data processing agreement signed? (+15)
Regulatory audit history clean? (+15)
Right to audit clause? (+15)
Data residency requirements met? (+15)

Operational Dependency (0-100)

SLA with financial penalties? (+20)
Uptime >99.9% trailing 12 months? (+20)
Disaster recovery tested annually? (+15)
Single point of failure for your business? (-20)
Migration plan documented? (+15)
API/export capability? (+15)
Vendor lock-in risk assessment? (+15)

Data Handling (0-100)

Data classification documented? (+20)
Retention/deletion policies clear? (+20)
Breach notification <72 hours? (+20)
Data portability guaranteed? (+15)
AI/ML training on your data? (opt-out available +15, no opt-out -10)
Access logging and audit trail? (+10)

### 2. Risk Tier Classification

Aggregate ScoreTierReview CadenceAction400-500Low RiskAnnualStandard monitoring300-399ModerateSemi-annualRemediation plan required200-299High RiskQuarterlyExecutive escalation, alternatives identified0-199CriticalMonthlyExit plan required within 90 days

### 3. Portfolio Risk View

Total vendors: ___
Critical tier: ___ (target: 0)
High risk: ___ (target: <10%)
Moderate: ___ (target: <30%)
Low risk: ___ (target: >60%)

Top 3 concentration risks:
1. [Vendor] — [function] — [% of operations dependent]
2. [Vendor] — [function] — [% of operations dependent]
3. [Vendor] — [function] — [% of operations dependent]

Annual vendor spend: $___
Spend on high/critical vendors: $___  (___%)

### 4. Cost of Vendor Failure

Impact AreaCalculationRevenue lossDaily revenue × expected downtime daysRecovery costMigration estimate + emergency procurementCompliance penaltyRegulatory fine range for data breach via vendorReputation damageCustomer churn rate × LTV × affected customersOperational disruptionStaff idle cost × recovery period

### 5. Quarterly Review Template

Score changes since last review (flag any >10 point drops)
New subprocessors added by vendor
SLA performance vs target
Security incidents or near-misses
Contract renewal timeline and negotiation leverage
Alternative vendor benchmarking

### 6. Red Flags (Immediate Action)

Vendor acquired by competitor
Key personnel departures (CISO, CTO)
Downtime exceeding SLA 2+ months
Regulatory action or investigation
Refusal to complete security questionnaire
Data breach affecting other customers
Sudden pricing changes >20%

### Industry-Specific Vendor Risks

IndustryCritical Vendor CategorySpecific RiskHealthcareEHR, billing, telehealthHIPAA BAA gaps, PHI exposureFinancial ServicesCore banking, payments, KYCPCI DSS, regulatory reportingLegalCase management, ediscoveryPrivilege breach, client dataSaaSInfrastructure, auth, paymentsCascading outages, PIIManufacturingMES, supply chain, IoTIP theft, production stoppageConstructionProject management, safetyCompliance documentation gapsEcommercePayments, fulfillment, CDNPCI, availability during peakRecruitmentATS, background check, payrollCandidate PII, bias in AI screeningReal EstateMLS, transaction mgmt, titleWire fraud, closing delaysProfessional ServicesCRM, billing, document mgmtClient confidentiality breach

### Get the Full Playbook

AI Revenue Leak Calculator — Quantify your total automation opportunity
Industry Context Packs — $47 each, deep-dive playbooks
Agent Setup Wizard — Build your AI agent workforce
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: 1kalin
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T06:06:31.849Z
- Expires at: 2026-05-06T06:06:31.849Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/afrexai-vendor-risk)
- [Send to Agent page](https://openagent3.xyz/skills/afrexai-vendor-risk/agent)
- [JSON manifest](https://openagent3.xyz/skills/afrexai-vendor-risk/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/afrexai-vendor-risk/agent.md)
- [Download page](https://openagent3.xyz/downloads/afrexai-vendor-risk)