Supply Chain Risk Monitor
v1.0.0
Analyze supplier risks, map dependencies, score vulnerabilities, and generate data-driven mitigation plans with risk dashboards and scenario modeling.
by @1kalin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name and SKILL.md describe supply-chain risk mapping, scoring, and mitigation planning; all required artifacts (risk framework, formulas, output templates) are present in the documentation. There are no unexpected requirements (no cloud credentials, no unrelated binaries) that would contradict the stated purpose.
Instruction Scope
Instructions focus on analyzing a supplier list or industry context and producing risk outputs. They do not instruct the agent to read system files, environment variables, or call external endpoints. Note: accomplishing Tier-2/3 mapping realistically requires sensitive supplier data (names, locations, financials); the skill assumes the user will provide that data but does not instruct how to source it.
Install Mechanism
No install spec and no code files — this is instruction-only, so nothing is written to disk or downloaded. This is the lowest-risk install posture.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no disproportionate or unrelated secrets requested.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with concerning privileges.
Assessment
This skill appears coherent and low-risk from a technical footprint perspective, but it relies on you supplying potentially sensitive supplier data. Before using: (1) verify the publisher/author (no homepage or formal description is provided here), (2) avoid uploading raw PII/financial statements — instead test with anonymized or synthetic supplier data, (3) review any output before sharing externally, and (4) if you need the agent to fetch data from external systems, ensure you supply only the minimal scoped credentials and prefer read-only access. If provenance or vendor trust is important for your organization, obtain the skill from a known source or request an author identity/manifest before installation.
Like a lobster shell, security has layers — review code before you run it.
Tags: latest, manufacturing, operations, procurement, risk, supply chain
