ClawHub

Vendor Risk Assessment

v1.0.0

Evaluate and score vendors on security, financials, compliance, operations, and data handling to classify risk and manage remediation plans effectively.

0· 449·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (vendor risk assessment) matches the SKILL.md content: scoring rubric, portfolio view, templates, and red‑flags. There are no unexpected binaries, credentials, or system config requirements for this stated purpose.
Instruction Scope
The SKILL.md stays within the assessment domain (scoring, review templates, remediation actions). It includes external links to paid playbooks and an 'Agent Setup Wizard' URL — these are outside the skill but are only links. The skill itself does not instruct the agent to read local files, environment variables, or to transmit data to remote endpoints, but you should vet those external sites before following them.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low risk because nothing is written to disk or executed by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The lack of secret or cloud credential requests is appropriate for a guidance/playbook skill.
Persistence & Privilege
Defaults are used (always:false, agent invocation allowed). The skill does not request permanent presence or elevated privileges and does not attempt to modify other skills or system settings.
Assessment
This skill appears coherent and safe as a playbook: it only contains assessment guidance and templates and does not request credentials or install anything. Before using, review any external links (the playbook and agent‑setup URLs) in a browser to confirm they are trustworthy and avoid pasting sensitive credentials into third‑party sites. If you plan to automate vendor assessments, sandbox any agent workflows that will handle vendor data and ensure they do not forward sensitive information to unknown endpoints.

Like a lobster shell, security has layers — review code before you run it.

auditvk97dr1dgs3b2j2wkt9am7zfys181gwx7compliancevk97dr1dgs3b2j2wkt9am7zfys181gwx7latestvk97dr1dgs3b2j2wkt9am7zfys181gwx7procurementvk97dr1dgs3b2j2wkt9am7zfys181gwx7riskvk97dr1dgs3b2j2wkt9am7zfys181gwx7securityvk97dr1dgs3b2j2wkt9am7zfys181gwx7vendorvk97dr1dgs3b2j2wkt9am7zfys181gwx7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments