vendor-risk

Name: vendor-risk
Rating: 5 (5 reviews)
Author: eyesecurity

ACTIVATE when integrating a new service, API, SaaS tool, SDK, npm/pip/maven package, Docker image, or any third-party dependency — or when discussing suppliers, vendors, processor agreements, or supply chain security. Also activate on imports from unknown packages or adding external webhooks/endpoints. Ensures every new vendor or dependency is assessed against the org's critical assets, data resid

5stars

Updated last month

View on GitHub ↗License: GPL-3.0

How to add

/plugin marketplace add eyesecurity/skills

The exact command may vary by repository. Check the README on GitHub.

For the skill author

Drop this on your repo README

Shows your skill is listed on Skillteca, generates a backlink and trackable traffic.

[![Listada na Skillteca](https://www.skillteca.com.br/api/badge/vendor-risk/svg)](https://www.skillteca.com.br/skills/vendor-risk?utm_source=badge&utm_medium=readme&utm_campaign=badge)

#ai #api #docker

Related skills

See all in DevOps e Infra →

internal-comms

143.8k

Resources to assist in writing various internal communications, adhering to company-preferred formats. Claude should utilize this skill for status reports, leadership updates, newsletters, FAQs, and other internal documents.

DevOps e Infraby anthropics

babysit

79.7k

Monitors a pull request or review cycle until it is ready to merge. This skill is used to track PR comments, reviews, and CI status until all actionable issues are resolved.

DevOps e Infra#aiby thedotmack

do

79.7k

Execute a phased implementation plan using subagents. Use when asked to execute, run, or carry out a plan — especially one created by make-plan.

DevOps e Infra#aiby thedotmack

smart-explore

79.7k

Token-optimized structural code search using tree-sitter AST parsing. Use this instead of reading full files when you need to understand code structure, find functions, or explore a codebase efficiently.

DevOps e Infra#aiby thedotmack

Category alert

Get new DevOps e Infra skills every Monday

One short email with only the new DevOps e Infra skills. 4 minutes of reading, no spam, unsubscribe with one click.

You confirm your email on the first send. No spam. Unsubscribe with one click.

Vendor Risk Management

Every new integration is a supply chain decision. No vendor gets access without assessment.

Storage

Vendor assessments: .compliance/vendors/VND-YYYY-NNN-slug.json — one file per assessment
Approved vendor summary: profile.json → suppliers[] — kept in sync after approval

Vendor assessment record

One JSON per vendor assessment. Created on first contact, updated through lifecycle.

{
  "assessment_id": "VND-2026-001-hubspot",
  "vendor

[Description truncada. Veja o README completo no GitHub.]

ShareX LinkedIn

Comments · No comments

No comments yet. Be the first.