Vendor Risk Assessment
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only vendor due-diligence template; it asks for public research and a recommendation but shows no code, credential use, persistence, or hidden data transfer.
This appears safe to install as an instruction-only skill. Provide only vendor and business context you are comfortable sharing with the agent, and verify the cited sources and recommendations before making procurement, compliance, or legal decisions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may browse or search public sites if such tools are available, and the resulting assessment could be stale, incomplete, or influenced by unreliable public information.
This directs the agent to use web/search-style research and external public sources. That is central to vendor risk assessment and is disclosed, but generated conclusions depend on the quality and reliability of those sources.
The agent researches and scores the vendor across 6 dimensions... Research Process: 1. Check vendor website... 6. Check Crunchbase/LinkedIn... 7. Search for customer reviews
Use approved browsing/search tools only, review the cited research sources, and treat the approve/reject recommendation as decision support rather than an automatic procurement decision.