Vendor Risk Assessment
v1.0.1
Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilien...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content: SKILL.md defines a vendor-risk scoring framework and research steps that align with assessing AI/SaaS vendors. There are no unrelated resource requests (no cloud creds, no binaries).
Instruction Scope
Instructions direct the agent to research public sources (vendor site, status pages, Crunchbase, breach history). That is expected for this purpose, but it means the agent will access external web resources and may request user-provided documents; sensitive data should be redacted before sharing.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and no external packages are pulled in.
Credentials
No required environment variables, no credentials, and no config paths are requested. The skill does not ask for unrelated secrets or system access.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or modification of other skills or agent-wide settings.
Assessment
This skill appears coherent and safe as authored, but take these precautions before use: (1) Do not upload unredacted sensitive documents — redact PII/credentials before sharing. (2) Expect the agent to perform public web lookups; verify any external sources it cites. (3) Treat the risk scores as advisory — validate critical findings (e.g., SOC2 reports) by requesting primary evidence from the vendor. (4) Note the README/SKILL include promotional links to AfrexAI; that is benign but be cautious about following third-party call/book links from within an automated workflow.
Like a lobster shell, security has layers — review code before you run it.
