Tencent SkillHub · Security & Compliance

Vendor Risk Assessment

Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilien...

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

  • Target platform: OpenClaw
  • Install method: Manual import
  • Extraction: Extract archive
  • Prerequisites: OpenClaw
  • Primary doc: SKILL.md

Package facts

  • Download mode: Yavira redirect
  • Package format: ZIP package
  • Source platform: Tencent SkillHub
  • What's included: SKILL.md

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

  • Source: Tencent SkillHub
  • Verification: Indexed source record
  • Version: 1.0.0

Documentation

Primary doc: SKILL.md (10 sections)

Vendor Risk Assessment

Evaluate any AI/SaaS vendor across 6 risk dimensions. Outputs a scored report with go/no-go recommendation.

When to Use

  • Onboarding a new SaaS or AI vendor
  • Annual vendor review cycle
  • Evaluating build-vs-buy decisions
  • Due diligence for partnerships or acquisitions
  • Compliance requirements (SOC2, ISO 27001, GDPR)

How to Use

The user provides vendor details (name, product, website, any available documentation). The agent researches and scores the vendor across 6 dimensions.

Input Format

Vendor: [Company Name]
Product: [Product/Service Name]
Website: [URL]
Use Case: [What you'd use it for]
Data Sensitivity: [low/medium/high/critical]
Additional Context: [Any docs, certifications, or concerns]

6 Risk Dimensions (each scored 1-10)

1. Security Posture
  • SOC2 Type II certification?
  • Penetration testing cadence
  • Encryption (at rest + in transit)
  • Access controls and authentication
  • Incident response plan
  • Bug bounty program

2. Data Handling & Privacy
  • Data residency and sovereignty
  • Data retention and deletion policies
  • Sub-processor transparency
  • GDPR/CCPA compliance
  • Data portability (can you get your data out?)
  • AI training opt-out policies

3. Compliance & Certifications
  • SOC2, ISO 27001, HIPAA, FedRAMP
  • Industry-specific (PCI-DSS, HITRUST, etc.)
  • AI-specific (EU AI Act readiness, NIST AI RMF)
  • Audit frequency and transparency
  • Regulatory track record

4. Financial Stability
  • Funding stage and runway
  • Revenue indicators (public or estimated)
  • Customer concentration risk
  • Acquisition risk
  • Pricing stability history

5. Operational Resilience
  • Uptime SLA and historical performance
  • Disaster recovery plan
  • Multi-region availability
  • Dependency on single cloud provider
  • Support responsiveness and escalation paths
  • Change management process

6. Contractual Terms
  • Termination and exit clauses
  • Liability caps and indemnification
  • IP ownership clarity
  • Auto-renewal traps
  • Price increase limitations
  • SLA breach remedies

Output Format

# Vendor Risk Assessment: [Vendor Name]

**Date:** YYYY-MM-DD
**Assessor:** AI Agent (AfrexAI)
**Data Sensitivity Level:** [low/medium/high/critical]

## Overall Risk Score: [X/10] — [LOW/MEDIUM/HIGH/CRITICAL]

## Dimension Scores

| Dimension | Score | Risk Level | Key Finding |
|-----------|-------|------------|-------------|
| Security Posture | X/10 | LOW/MED/HIGH | ... |
| Data Handling | X/10 | LOW/MED/HIGH | ... |
| Compliance | X/10 | LOW/MED/HIGH | ... |
| Financial Stability | X/10 | LOW/MED/HIGH | ... |
| Operational Resilience | X/10 | LOW/MED/HIGH | ... |
| Contractual Terms | X/10 | LOW/MED/HIGH | ... |

## Recommendation: [APPROVE / APPROVE WITH CONDITIONS / REJECT]

## Critical Findings

[Finding 1]
[Finding 2]

## Mitigation Requirements (if Approve with Conditions)

1. [Requirement 1 — deadline]
2. [Requirement 2 — deadline]

## Research Sources

[Source 1]
[Source 2]

Scoring Guide

  • 9-10: Excellent — minimal risk, enterprise-grade
  • 7-8: Good — acceptable for most use cases
  • 5-6: Moderate — proceed with caution, mitigations needed
  • 3-4: Poor — significant concerns, conditional approval only
  • 1-2: Critical — recommend rejection or major remediation

Overall Risk Calculation

Average of 6 dimensions, weighted by data sensitivity:

  • Low sensitivity: equal weights
  • Medium: Security 2x, Data 2x
  • High: Security 3x, Data 3x, Compliance 2x
  • Critical: Security 4x, Data 4x, Compliance 3x, Financial 2x
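The weighting rule above, worked through in Python as an added example (not part of the skill package). It assumes the weighted average is normalised as sum(weight × score) / sum(weights) and that unlisted dimensions keep weight 1; the dimension key names and the sample vendor scores are constructed for illustration.

```python
# Added example: overall score under the page's sensitivity weights.
# Key names are hypothetical labels for the six dimensions on the page.
DIMENSIONS = ("security", "data", "compliance",
              "financial", "operational", "contractual")

# Multipliers from the page; a dimension not listed keeps weight 1 (assumption).
WEIGHTS = {
    "low": {},
    "medium": {"security": 2, "data": 2},
    "high": {"security": 3, "data": 3, "compliance": 2},
    "critical": {"security": 4, "data": 4, "compliance": 3, "financial": 2},
}


def overall_score(scores, sensitivity):
    """Weighted mean of the six 1-10 dimension scores.

    Assumed normalisation: sum(weight * score) / sum(weight).
    """
    if sensitivity not in WEIGHTS:
        raise ValueError(f"unknown data sensitivity: {sensitivity!r}")
    if set(scores) != set(DIMENSIONS):
        raise ValueError("scores must cover exactly the six dimensions")
    for name, value in scores.items():
        if not 1 <= value <= 10:
            raise ValueError(f"{name} score {value} is outside 1-10")
    weights = {d: WEIGHTS[sensitivity].get(d, 1) for d in DIMENSIONS}
    total = sum(weights[d] * scores[d] for d in DIMENSIONS)
    return total / sum(weights.values())


def score_by_sensitivity(scores):
    """Same vendor scored at every sensitivity level, for comparison."""
    return {level: overall_score(scores, level) for level in WEIGHTS}


# Constructed sample: weak on security and data, strong on operations
# and contract terms.
SAMPLE_VENDOR = {"security": 3, "data": 4, "compliance": 6,
                 "financial": 8, "operational": 9, "contractual": 9}

if __name__ == "__main__":
    for level, score in score_by_sensitivity(SAMPLE_VENDOR).items():
        print(f"{level:<9}{score:.2f}")
```

The same six scores average 6.5 at low sensitivity and drop as sensitivity rises, because the weak security and data scores count for more of the total.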

Research Process

  • Check vendor website for security/compliance pages
  • Search for SOC2/ISO certifications and trust pages
  • Check status pages for uptime history
  • Search for breach history or security incidents
  • Review pricing page for contract terms indicators
  • Check Crunchbase/LinkedIn for financial stability signals
  • Search for customer reviews mentioning reliability/support

Pro Tips

  • Request the vendor's SOC2 Type II report directly — if they hesitate, that's a signal
  • Check their status page history (statuspage.io, etc.) for real uptime data
  • For AI vendors specifically: ask about model training on your data, output ownership, and hallucination liability
  • Compare their security page to competitors — vague = red flag

Need help managing vendor risk across your entire stack? AfrexAI builds autonomous AI agents that monitor vendors continuously — not just at onboarding. Visit afrexai.com or book a call: calendly.com/cbeckford-afrexai/30min

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
1 Docs
  • SKILL.md Primary doc