# Send Vendor Risk Assessment to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "vendor-risk-assessment",
    "name": "Vendor Risk Assessment",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/1kalin/vendor-risk-assessment",
    "canonicalUrl": "https://clawhub.ai/1kalin/vendor-risk-assessment",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/vendor-risk-assessment",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=vendor-risk-assessment",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/vendor-risk-assessment"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/vendor-risk-assessment",
    "downloadUrl": "https://openagent3.xyz/downloads/vendor-risk-assessment",
    "agentUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent",
    "manifestUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/vendor-risk-assessment/agent.md"
  }
}
```
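
A consistency check for the record above, added here as an example (it is not Yavira or OpenClaw code). In the manifest the `sourceHealth` probe URLs and `contentDisposition` name `4claw-imageboard` while the item slug is `vendor-risk-assessment`, so the "healthy" status was measured against a different package. The function names and the `<slug>-<version>.zip` filename convention are assumptions inferred from the fields shown.

```python
import re
from urllib.parse import parse_qs, urlparse

# Trimmed copy of the fields from the manifest on this page.
MANIFEST = {
    "item": {"slug": "vendor-risk-assessment"},
    "install": {
        "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=vendor-risk-assessment",
        "sourceHealth": {
            "status": "healthy",
            "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
            "details": {
                "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
                "contentDisposition": 'attachment; filename="4claw-imageboard-1.0.1.zip"',
            },
        },
    },
}

def slug_of(url):
    """Return the ?slug= query value of a download URL, or None if absent."""
    values = parse_qs(urlparse(url).query).get("slug")
    return values[0] if values else None

def filename_of(content_disposition):
    """Extract the quoted filename from a Content-Disposition value."""
    match = re.search(r'filename="([^"]+)"', content_disposition or "")
    return match.group(1) if match else None

def probe_mismatches(manifest):
    """List (field, observed value) pairs that do not refer to item.slug."""
    expected = manifest["item"]["slug"]
    install = manifest["install"]
    health = install["sourceHealth"]
    observed = {
        "install.sourceDownloadUrl": slug_of(install["sourceDownloadUrl"]),
        "sourceHealth.finalUrl": slug_of(health["finalUrl"]),
        "sourceHealth.details.probeUrl": slug_of(health["details"]["probeUrl"]),
    }
    findings = [(f, s) for f, s in observed.items() if s != expected]
    # Assumption: upstream archives are named "<slug>-<version>.zip".
    name = filename_of(health["details"].get("contentDisposition"))
    if name and not name.startswith(expected + "-"):
        findings.append(("sourceHealth.details.contentDisposition", name))
    return findings

if __name__ == "__main__":
    for field, value in probe_mismatches(MANIFEST):
        print(f"MISMATCH {field}: {value}")
```

A non-empty result means the health status should not be taken as evidence about the package you are about to hand to an agent.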
## Documentation

### Vendor Risk Assessment

Evaluate any AI/SaaS vendor across 6 risk dimensions. Outputs a scored report with a go/no-go recommendation.

### When to Use

- Onboarding a new SaaS or AI vendor
- Annual vendor review cycle
- Evaluating build-vs-buy decisions
- Due diligence for partnerships or acquisitions
- Compliance requirements (SOC2, ISO 27001, GDPR)

### How to Use

1. The user provides vendor details (name, product, website, any available documentation).
2. The agent researches and scores the vendor across 6 dimensions.

### Input Format

```text
Vendor: [Company Name]
Product: [Product/Service Name]
Website: [URL]
Use Case: [What you'd use it for]
Data Sensitivity: [low/medium/high/critical]
Additional Context: [Any docs, certifications, or concerns]
```

### 6 Risk Dimensions (each scored 1-10)

#### 1. Security Posture

- SOC2 Type II certification?
- Penetration testing cadence
- Encryption (at rest + in transit)
- Access controls and authentication
- Incident response plan
- Bug bounty program

#### 2. Data Handling & Privacy

- Data residency and sovereignty
- Data retention and deletion policies
- Sub-processor transparency
- GDPR/CCPA compliance
- Data portability (can you get your data out?)
- AI training opt-out policies

#### 3. Compliance & Certifications

- SOC2, ISO 27001, HIPAA, FedRAMP
- Industry-specific (PCI-DSS, HITRUST, etc.)
- AI-specific (EU AI Act readiness, NIST AI RMF)
- Audit frequency and transparency
- Regulatory track record

#### 4. Financial Stability

- Funding stage and runway
- Revenue indicators (public or estimated)
- Customer concentration risk
- Acquisition risk
- Pricing stability history

#### 5. Operational Resilience

- Uptime SLA and historical performance
- Disaster recovery plan
- Multi-region availability
- Dependency on single cloud provider
- Support responsiveness and escalation paths
- Change management process

#### 6. Contractual Terms

- Termination and exit clauses
- Liability caps and indemnification
- IP ownership clarity
- Auto-renewal traps
- Price increase limitations
- SLA breach remedies

### Output Format

```markdown
# Vendor Risk Assessment: [Vendor Name]
**Date:** YYYY-MM-DD
**Assessor:** AI Agent (AfrexAI)
**Data Sensitivity Level:** [low/medium/high/critical]

## Overall Risk Score: [X/10] — [LOW/MEDIUM/HIGH/CRITICAL]

## Dimension Scores
| Dimension | Score | Risk Level | Key Finding |
|-----------|-------|------------|-------------|
| Security Posture | X/10 | LOW/MED/HIGH | ... |
| Data Handling | X/10 | LOW/MED/HIGH | ... |
| Compliance | X/10 | LOW/MED/HIGH | ... |
| Financial Stability | X/10 | LOW/MED/HIGH | ... |
| Operational Resilience | X/10 | LOW/MED/HIGH | ... |
| Contractual Terms | X/10 | LOW/MED/HIGH | ... |

## Recommendation: [APPROVE / APPROVE WITH CONDITIONS / REJECT]

## Critical Findings
- [Finding 1]
- [Finding 2]

## Mitigation Requirements (if Approve with Conditions)
1. [Requirement 1 — deadline]
2. [Requirement 2 — deadline]

## Research Sources
- [Source 1]
- [Source 2]
```

### Scoring Guide

- 9-10: Excellent — minimal risk, enterprise-grade
- 7-8: Good — acceptable for most use cases
- 5-6: Moderate — proceed with caution, mitigations needed
- 3-4: Poor — significant concerns, conditional approval only
- 1-2: Critical — recommend rejection or major remediation

### Overall Risk Calculation

Average of 6 dimensions, weighted by data sensitivity:

- Low sensitivity: equal weights
- Medium: Security 2x, Data 2x
- High: Security 3x, Data 3x, Compliance 2x
- Critical: Security 4x, Data 4x, Compliance 3x, Financial 2x
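
The weighting above, worked through as an added example (not code shipped in the skill package). It assumes "weighted average" means a weighted mean normalised by the sum of the multipliers, that unlisted dimensions keep weight 1, and that a fractional overall score takes the Scoring Guide band whose lower bound it reaches; the dimension keys and the sample scores are constructed.

```python
DIMENSIONS = ("security", "data", "compliance",
              "financial", "operational", "contractual")

# Multipliers from the list above; dimensions not named keep weight 1.
WEIGHTS = {
    "low": {},
    "medium": {"security": 2, "data": 2},
    "high": {"security": 3, "data": 3, "compliance": 2},
    "critical": {"security": 4, "data": 4, "compliance": 3, "financial": 2},
}

# Scoring Guide bands as (lower bound, label).
# Assumption: the guide lists integer bands only, so 6.4 falls in "Moderate".
BANDS = ((9, "Excellent"), (7, "Good"), (5, "Moderate"),
         (3, "Poor"), (1, "Critical"))

def overall_score(scores, sensitivity):
    """Weighted mean of the six 1-10 dimension scores."""
    if sensitivity not in WEIGHTS:
        raise ValueError(f"unknown data sensitivity: {sensitivity!r}")
    if set(scores) != set(DIMENSIONS):
        raise ValueError("scores must cover exactly the six dimensions")
    if any(not 1 <= value <= 10 for value in scores.values()):
        raise ValueError("each dimension is scored 1-10")
    weights = WEIGHTS[sensitivity]
    total = sum(scores[d] * weights.get(d, 1) for d in DIMENSIONS)
    return total / sum(weights.get(d, 1) for d in DIMENSIONS)

def band(score):
    """Map an overall score onto the Scoring Guide label."""
    for lower, label in BANDS:
        if score >= lower:
            return label
    raise ValueError("score below 1")

# Constructed vendor: strong commercially, weak on security and data handling.
SAMPLE = {"security": 4, "data": 5, "compliance": 6,
          "financial": 9, "operational": 9, "contractual": 9}

if __name__ == "__main__":
    for level in WEIGHTS:
        value = overall_score(SAMPLE, level)
        print(f"{level:9s} {value:.2f} {band(value)}")
```

The same vendor reads as Good at low sensitivity and drops to Moderate once security and data handling are weighted up, which is the behaviour the multipliers are there to produce.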

### Research Process

1. Check vendor website for security/compliance pages
2. Search for SOC2/ISO certifications and trust pages
3. Check status pages for uptime history
4. Search for breach history or security incidents
5. Review pricing page for contract terms indicators
6. Check Crunchbase/LinkedIn for financial stability signals
7. Search for customer reviews mentioning reliability/support

### Pro Tips

- Request the vendor's SOC2 Type II report directly — if they hesitate, that's a signal
- Check their status page history (statuspage.io, etc.) for real uptime data
- For AI vendors specifically: ask about model training on your data, output ownership, and hallucination liability
- Compare their security page to competitors — vague = red flag

## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: 1kalin
- Version: 1.0.0
## Source health
- Status: healthy
- Source download looks usable.
- Yavira can redirect you to the upstream package for this source.
- Health scope: source
- Reason: direct_download_ok
- Checked at: 2026-04-23T16:43:11.935Z
- Expires at: 2026-04-30T16:43:11.935Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/vendor-risk-assessment)
- [Send to Agent page](https://openagent3.xyz/skills/vendor-risk-assessment/agent)
- [JSON manifest](https://openagent3.xyz/skills/vendor-risk-assessment/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/vendor-risk-assessment/agent.md)
- [Download page](https://openagent3.xyz/downloads/vendor-risk-assessment)