Risk

v1.0.0

Deep risk assessment workflow—identifying risks, likelihood and impact, mitigation plans, owners, residual risk acceptance, and tracking. Use when assessing...

Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (risk assessment workflow) align with the content of SKILL.md. No unrelated environment variables, binaries, or install steps are requested that would be disproportionate to a risk-assessment guide.
Instruction Scope
SKILL.md contains a procedural six-stage risk-assessment workflow and checklists only. It does not instruct the agent to read files, access environment variables, call external endpoints, or perform actions outside the stated purpose.
Install Mechanism
No install spec and no code files are present (instruction-only). This has the lowest filesystem/execution risk surface: nothing is downloaded or written by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. There are no requests for sensitive tokens or system access that would be disproportionate for a guidance workflow.
Persistence & Privilege
always is false and there is no setup that modifies other skills or system settings. The skill may be invoked autonomously by the agent (default behavior) but that is normal for skills and not excessive here.
Assessment
This skill is a plain-text risk-assessment workflow and appears safe to install: it doesn't request credentials or install code. Before using it with sensitive projects, avoid pasting secrets into prompts, review the agent's outputs for accuracy (LLMs can hallucinate), and if you operate in regulated environments, ensure you map the workflow to your mandated templates and approval paths.


latestvk970qm2wfmbh8gb0963d11kdfs83p0wp
Updated 3w ago
MIT-0

Risk Assessment

Risk assessment turns vague worry into prioritized actions: what can go wrong, how bad, what we do now, and who owns follow-up.

When to Offer This Workflow

Trigger conditions:

  • Major launch, migration, or new vendor
  • Steering or audit requests a risk matrix
  • Post–near-miss prevention work

Initial offer:

Use six stages: (1) scope & stakeholders, (2) identify risks, (3) analyze likelihood & impact, (4) plan mitigations, (5) owners & deadlines, (6) review & tracking. Confirm the scoring approach (simple matrix vs quantitative).


Stage 1: Scope & Stakeholders

Goal: Define system/project boundary and who can accept residual risk (product, eng, legal).

Exit condition: RACI or explicit approvers for go/no-go.


Stage 2: Identify Risks

Goal: Brainstorm across categories: technical, security, operational, legal, reputational, financial.

Practices

  • Pre-mortem: “It failed because…” exercise for alignment

Stage 3: Analyze

Goal: Score likelihood and impact with a shared rubric; avoid false precision.


Stage 4: Plan Mitigations

Goal: Define prevent, detect, and respond controls, with a rough cost/time estimate per mitigation.


Stage 5: Owners & Deadlines

Goal: Each material risk has an owner and date; escalation path if unmitigated by launch.


Stage 6: Review & Tracking

Goal: Living RAID log; revisit after scope changes or incidents.


Final Review Checklist

  • Scope and decision authority clear
  • Risks span relevant categories
  • Scoring applied consistently
  • Mitigations have owners and dates
  • Residual risk explicitly accepted or deferred with plan

Tips for Effective Guidance

  • Distinguish future risk from current defects.
  • For security-heavy systems, align with threat modeling outputs.
  • Startups: fewer rows, more honesty on top existential risks.

Handling Deviations

  • Regulated industries: follow required RA templates when mandated.
