Risk Assessment Framework
v1.0.0Performs detailed risk assessment by identifying, scoring, prioritizing risks, and proposing mitigation plans with owners, deadlines, and costs for informed...
⭐ 0· 939·3 current·3 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (risk assessment, scoring, mitigation, register) matches the SKILL.md instructions. The skill is instruction-only and does not request unrelated binaries, env vars, or platform access.
Instruction Scope
The SKILL.md stays on-task (identifying risks, scoring, producing a register and heat map). It suggests pairing with external industry context packs (links to afrexai-cto.github.io) — that is a reasonable suggestion for richer inputs but means the agent may reference or recommend paid external resources. The instructions do not direct the agent to read system files, environment variables, or transmit data to unknown endpoints.
Install Mechanism
No install spec and no code files are present, so nothing will be written to disk or downloaded during installation. Low risk from install mechanism.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its functionality (analysis of user-provided project/business context) does not require secrets or external credentials.
Persistence & Privilege
always is false and there is no install-time persistence. The skill can be invoked autonomously by the agent (default platform behavior) but it does not request elevated or cross-skill privileges.
Assessment
This skill appears coherent and contains only instructions for performing risk assessments. Before installing or using it: 1) Do not paste secrets, credentials, or sensitive PII into prompts — the skill operates on whatever you provide. 2) Verify any external context packs or paid links (afrexai-cto.github.io) before following payment or install instructions; those are third-party resources and not required to use the core skill. 3) Treat the generated mitigation owners, deadlines, and cost estimates as starting points — have a human expert validate them before acting. 4) If you plan to let agents run autonomously and feed project data, enforce internal policies about what data may be supplied to skills. If you want deeper assurance, request the skill author/source provenance (homepage or repository) before trusting it in regulated workflows.Like a lobster shell, security has layers — review code before you run it.
assessmentvk97azkmddth0stk3ecmy04rk918159sqbusinessvk97azkmddth0stk3ecmy04rk918159sqcompliancevk97azkmddth0stk3ecmy04rk918159sqgovernancevk97azkmddth0stk3ecmy04rk918159sqlatestvk97azkmddth0stk3ecmy04rk918159sqriskvk97azkmddth0stk3ecmy04rk918159sq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.