Vendor Evaluation & Due Diligence
v1.0.0
Conducts a comprehensive, weighted assessment of software vendors and partners across financials, technical fit, security, pricing, support, lock-in, and roa...
⭐ 0· 760·2 current·2 all-time
by @1kalin
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/README and SKILL.md all describe a vendor due-diligence framework; the required surface is minimal (no env vars, no binaries, no installs) which is appropriate for a research/reporting skill.
Instruction Scope
Instructions direct the agent to perform web searches (reviews, funding/layoffs, SOC2, API docs, contract/SLA) and to 'dig' for bad news. This is appropriate for vendor research but is open-ended — the agent may perform extensive web queries and should be required to cite sources and avoid accessing private/internal systems or credentials.
Install Mechanism
No install spec and no code files; nothing will be written to disk or installed by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths, which is proportional for a public-web research/reporting tool.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills. The default autonomous invocation is allowed but not excessive given the skill's nature.
Assessment
This skill is coherent and low-risk in terms of credentials or installs, but it performs open-ended web research. Before enabling: (1) require the agent to include full source links and verbatim evidence for any critical claim, (2) instruct it not to access or request any private credentials or internal systems, (3) have legal/infosec review any contractual/SLA excerpts before relying on them, and (4) if you want to limit autonomous web access, disable autonomous invocation or constrain the agent's network permissions. Consider specifying timeframe/jurisdiction and asking the agent to flag uncertainty and provide primary sources for any red flags it reports.
Like a lobster shell, security has layers — review code before you run it.
business, due-diligence, evaluation, latest, procurement, vendor
