{ "schemaVersion": "1.0", "item": { "slug": "vendor-risk-assessment", "name": "Vendor Risk Assessment", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/1kalin/vendor-risk-assessment", "canonicalUrl": "https://clawhub.ai/1kalin/vendor-risk-assessment", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/vendor-risk-assessment", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=vendor-risk-assessment", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/vendor-risk-assessment" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/vendor-risk-assessment", "agentPageUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent", "manifestUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent.json", "briefUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Vendor Risk Assessment", "body": "Evaluate any AI/SaaS vendor across 6 risk dimensions. Outputs a scored report with go/no-go recommendation." }, { "title": "When to Use", "body": "Onboarding a new SaaS or AI vendor\nAnnual vendor review cycle\nEvaluating build-vs-buy decisions\nDue diligence for partnerships or acquisitions\nCompliance requirements (SOC2, ISO 27001, GDPR)" }, { "title": "How to Use", "body": "The user provides vendor details (name, product, website, any available documentation).\nThe agent researches and scores the vendor across 6 dimensions." }, { "title": "Input Format", "body": "Vendor: [Company Name]\nProduct: [Product/Service Name]\nWebsite: [URL]\nUse Case: [What you'd use it for]\nData Sensitivity: [low/medium/high/critical]\nAdditional Context: [Any docs, certifications, or concerns]" }, { "title": "6 Risk Dimensions (each scored 1-10)", "body": "1. Security Posture\n\nSOC2 Type II certification?\nPenetration testing cadence\nEncryption (at rest + in transit)\nAccess controls and authentication\nIncident response plan\nBug bounty program\n\n2. Data Handling & Privacy\n\nData residency and sovereignty\nData retention and deletion policies\nSub-processor transparency\nGDPR/CCPA compliance\nData portability (can you get your data out?)\nAI training opt-out policies\n\n3. Compliance & Certifications\n\nSOC2, ISO 27001, HIPAA, FedRAMP\nIndustry-specific (PCI-DSS, HITRUST, etc.)\nAI-specific (EU AI Act readiness, NIST AI RMF)\nAudit frequency and transparency\nRegulatory track record\n\n4. Financial Stability\n\nFunding stage and runway\nRevenue indicators (public or estimated)\nCustomer concentration risk\nAcquisition risk\nPricing stability history\n\n5. Operational Resilience\n\nUptime SLA and historical performance\nDisaster recovery plan\nMulti-region availability\nDependency on single cloud provider\nSupport responsiveness and escalation paths\nChange management process\n\n6. Contractual Terms\n\nTermination and exit clauses\nLiability caps and indemnification\nIP ownership clarity\nAuto-renewal traps\nPrice increase limitations\nSLA breach remedies" }, { "title": "Output Format", "body": "# Vendor Risk Assessment: [Vendor Name]\n**Date:** YYYY-MM-DD\n**Assessor:** AI Agent (AfrexAI)\n**Data Sensitivity Level:** [low/medium/high/critical]\n\n## Overall Risk Score: [X/10] — [LOW/MEDIUM/HIGH/CRITICAL]\n\n## Dimension Scores\n| Dimension | Score | Risk Level | Key Finding |\n|-----------|-------|------------|-------------|\n| Security Posture | X/10 | LOW/MED/HIGH | ... |\n| Data Handling | X/10 | LOW/MED/HIGH | ... |\n| Compliance | X/10 | LOW/MED/HIGH | ... |\n| Financial Stability | X/10 | LOW/MED/HIGH | ... |\n| Operational Resilience | X/10 | LOW/MED/HIGH | ... |\n| Contractual Terms | X/10 | LOW/MED/HIGH | ... |\n\n## Recommendation: [APPROVE / APPROVE WITH CONDITIONS / REJECT]\n\n## Critical Findings\n- [Finding 1]\n- [Finding 2]\n\n## Mitigation Requirements (if Approve with Conditions)\n1. [Requirement 1 — deadline]\n2. [Requirement 2 — deadline]\n\n## Research Sources\n- [Source 1]\n- [Source 2]" }, { "title": "Scoring Guide", "body": "9-10: Excellent — minimal risk, enterprise-grade\n7-8: Good — acceptable for most use cases\n5-6: Moderate — proceed with caution, mitigations needed\n3-4: Poor — significant concerns, conditional approval only\n1-2: Critical — recommend rejection or major remediation" }, { "title": "Overall Risk Calculation", "body": "Average of 6 dimensions, weighted by data sensitivity:\n\nLow sensitivity: equal weights\nMedium: Security 2x, Data 2x\nHigh: Security 3x, Data 3x, Compliance 2x\nCritical: Security 4x, Data 4x, Compliance 3x, Financial 2x" }, { "title": "Research Process", "body": "Check vendor website for security/compliance pages\nSearch for SOC2/ISO certifications and trust pages\nCheck status pages for uptime history\nSearch for breach history or security incidents\nReview pricing page for contract terms indicators\nCheck Crunchbase/LinkedIn for financial stability signals\nSearch for customer reviews mentioning reliability/support" }, { "title": "Pro Tips", "body": "Request the vendor's SOC2 Type II report directly — if they hesitate, that's a signal\nCheck their status page history (statuspage.io, etc.) for real uptime data\nFor AI vendors specifically: ask about model training on your data, output ownership, and hallucination liability\nCompare their security page to competitors — vague = red flag\n\nNeed help managing vendor risk across your entire stack? AfrexAI builds autonomous AI agents that monitor vendors continuously — not just at onboarding. Visit afrexai.com or book a call: calendly.com/cbeckford-afrexai/30min" } ], "body": "Vendor Risk Assessment\n\nEvaluate any AI/SaaS vendor across 6 risk dimensions. Outputs a scored report with go/no-go recommendation.\n\nWhen to Use\nOnboarding a new SaaS or AI vendor\nAnnual vendor review cycle\nEvaluating build-vs-buy decisions\nDue diligence for partnerships or acquisitions\nCompliance requirements (SOC2, ISO 27001, GDPR)\nHow to Use\n\nThe user provides vendor details (name, product, website, any available documentation). The agent researches and scores the vendor across 6 dimensions.\n\nInput Format\nVendor: [Company Name]\nProduct: [Product/Service Name]\nWebsite: [URL]\nUse Case: [What you'd use it for]\nData Sensitivity: [low/medium/high/critical]\nAdditional Context: [Any docs, certifications, or concerns]\n\nAssessment Framework\n6 Risk Dimensions (each scored 1-10)\n1. Security Posture\nSOC2 Type II certification?\nPenetration testing cadence\nEncryption (at rest + in transit)\nAccess controls and authentication\nIncident response plan\nBug bounty program\n2. Data Handling & Privacy\nData residency and sovereignty\nData retention and deletion policies\nSub-processor transparency\nGDPR/CCPA compliance\nData portability (can you get your data out?)\nAI training opt-out policies\n3. Compliance & Certifications\nSOC2, ISO 27001, HIPAA, FedRAMP\nIndustry-specific (PCI-DSS, HITRUST, etc.)\nAI-specific (EU AI Act readiness, NIST AI RMF)\nAudit frequency and transparency\nRegulatory track record\n4. Financial Stability\nFunding stage and runway\nRevenue indicators (public or estimated)\nCustomer concentration risk\nAcquisition risk\nPricing stability history\n5. Operational Resilience\nUptime SLA and historical performance\nDisaster recovery plan\nMulti-region availability\nDependency on single cloud provider\nSupport responsiveness and escalation paths\nChange management process\n6. Contractual Terms\nTermination and exit clauses\nLiability caps and indemnification\nIP ownership clarity\nAuto-renewal traps\nPrice increase limitations\nSLA breach remedies\nOutput Format\n# Vendor Risk Assessment: [Vendor Name]\n**Date:** YYYY-MM-DD\n**Assessor:** AI Agent (AfrexAI)\n**Data Sensitivity Level:** [low/medium/high/critical]\n\n## Overall Risk Score: [X/10] — [LOW/MEDIUM/HIGH/CRITICAL]\n\n## Dimension Scores\n| Dimension | Score | Risk Level | Key Finding |\n|-----------|-------|------------|-------------|\n| Security Posture | X/10 | LOW/MED/HIGH | ... |\n| Data Handling | X/10 | LOW/MED/HIGH | ... |\n| Compliance | X/10 | LOW/MED/HIGH | ... |\n| Financial Stability | X/10 | LOW/MED/HIGH | ... |\n| Operational Resilience | X/10 | LOW/MED/HIGH | ... |\n| Contractual Terms | X/10 | LOW/MED/HIGH | ... |\n\n## Recommendation: [APPROVE / APPROVE WITH CONDITIONS / REJECT]\n\n## Critical Findings\n- [Finding 1]\n- [Finding 2]\n\n## Mitigation Requirements (if Approve with Conditions)\n1. [Requirement 1 — deadline]\n2. [Requirement 2 — deadline]\n\n## Research Sources\n- [Source 1]\n- [Source 2]\n\nScoring Guide\n9-10: Excellent — minimal risk, enterprise-grade\n7-8: Good — acceptable for most use cases\n5-6: Moderate — proceed with caution, mitigations needed\n3-4: Poor — significant concerns, conditional approval only\n1-2: Critical — recommend rejection or major remediation\nOverall Risk Calculation\nAverage of 6 dimensions, weighted by data sensitivity:\nLow sensitivity: equal weights\nMedium: Security 2x, Data 2x\nHigh: Security 3x, Data 3x, Compliance 2x\nCritical: Security 4x, Data 4x, Compliance 3x, Financial 2x\nResearch Process\nCheck vendor website for security/compliance pages\nSearch for SOC2/ISO certifications and trust pages\nCheck status pages for uptime history\nSearch for breach history or security incidents\nReview pricing page for contract terms indicators\nCheck Crunchbase/LinkedIn for financial stability signals\nSearch for customer reviews mentioning reliability/support\nPro Tips\nRequest the vendor's SOC2 Type II report directly — if they hesitate, that's a signal\nCheck their status page history (statuspage.io, etc.) for real uptime data\nFor AI vendors specifically: ask about model training on your data, output ownership, and hallucination liability\nCompare their security page to competitors — vague = red flag\n\nNeed help managing vendor risk across your entire stack? AfrexAI builds autonomous AI agents that monitor vendors continuously — not just at onboarding. Visit afrexai.com or book a call: calendly.com/cbeckford-afrexai/30min" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/1kalin/vendor-risk-assessment", "publisherUrl": "https://clawhub.ai/1kalin/vendor-risk-assessment", "owner": "1kalin", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/vendor-risk-assessment", "downloadUrl": "https://openagent3.xyz/downloads/vendor-risk-assessment", "agentUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent", "manifestUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent.json", "briefUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent.md" } }