vendor-risk-assessment
Assess third-party vendor risk for AI and SaaS products. Evaluates security posture, data handling, compliance, financial stability, and operational resilience. Use when onboarding new vendors, conducting annual reviews, or building a vendor management program. Generates a scored risk report with mitigation recommendations. Built by AfrexAI.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/1kalin/vendor-risk-assessment
What This Skill Does
The vendor-risk-assessment skill by AfrexAI acts as your automated procurement and compliance assistant. It systematically evaluates third-party SaaS and AI vendors against six critical pillars: Security Posture, Data Handling, Compliance, Financial Stability, Operational Resilience, and Contractual Terms. By analyzing provided vendor data, documentation, and external signals, the agent generates a quantified risk score (1-10) and provides a clear go/no-go recommendation. This removes the manual burden from IT and security teams, ensuring that every software adoption meets your organization's internal standards.
Installation
To install this skill, run the following command in your terminal:
clawhub install openclaw/skills/skills/1kalin/vendor-risk-assessment
Ensure you have the OpenClaw environment initialized before execution.
Use Cases
- SaaS Procurement: Quickly vet new software tools before signing a subscription agreement.
- Annual Reviews: Automate the repetitive task of re-evaluating existing vendors to ensure they still meet evolving security standards.
- Due Diligence: Conduct rapid risk analysis during M&A activities or high-stakes partnership evaluations.
- Compliance Preparation: Streamline documentation gathering for audits like SOC2, ISO 27001, and GDPR by identifying compliance gaps early.
Example Prompts
- "Perform a risk assessment for OpenAI Enterprise. Our data sensitivity level is critical and we plan to use it for internal RAG pipelines."
- "I need to vet a new email marketing tool called MailerPro. Their website is mailerpro.example.com. Can you run a risk assessment based on their current compliance page?"
- "Assess our current CRM vendor, Salesforce. Focus specifically on contractual terms and financial stability as we are preparing for our annual audit."
Tips & Limitations
- Accuracy: The agent's precision depends heavily on the quality of documentation provided. Always upload specific security whitepapers or SOC2 reports if available.
- Human Oversight: This tool is designed to assist in decision-making. High-risk or critical infrastructure decisions should always be reviewed by a human security officer.
- External Data: The agent relies on internet-accessible information. Private non-public data about a company's internal financials may not be fully captured.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-1kalin-vendor-risk-assessment": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: external-api, data-collection