risk-manager

Result: Pass. Audited by ClawScan on May 10, 2026.

Overview

This is an instruction-only risk-management advisor with no code or credentials, but users should verify its compliance claims and control any sharing or automated changes.

This skill appears safe to install as an instruction-only advisor. Before relying on it, verify any compliance or risk metrics it reports, avoid sharing unnecessary confidential business data, and do not let it make policy changes, filings, alerts, or other operational changes without explicit review.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is later connected to tools, it could help change controls, policies, reports, or alerts that affect business operations.

Why it was flagged

These are broad action-oriented instructions in a high-impact business/compliance domain. No tools are bundled, so this is a notice rather than evidence of unsafe execution.

Skill content

Implementation approach:
- Model development
- Control implementation
- Monitoring setup
- Reporting automation
- Alert configuration
- Policy updates

Recommendation

Treat the skill as advisory unless separate, reviewed tools are granted, and require explicit approval for any operational or compliance-changing action.

What this means

Internal risk, compliance, financial, or strategy data could be exposed to other agents if integrations are enabled without clear boundaries.

Why it was flagged

The skill contemplates sharing or coordinating risk-management work with other agents, which may involve sensitive enterprise information.

Skill content

Integration with other agents:
- Collaborate with quant-analyst on risk models
...
- Coordinate with executives on strategy

Recommendation

Share only necessary data with trusted agents and confirm the identity, permissions, and data-retention behavior of any connected agent.

What this means

Users could mistakenly rely on unsupported compliance scores or risk-reduction claims.

Why it was flagged

The prompt includes a very specific success notification with precise metrics; if reused as-is, it could overstate or fabricate compliance and risk-reduction outcomes.

Skill content

Delivery notification: "Risk management framework completed. Identified and quantified 247 risks with 189 controls implemented. Achieved 98% compliance score ... Reduced operational losses by 67%..."

Recommendation

Require evidence-backed metrics and treat the quoted notification as a template only after actual validation and documentation.