a5c-ai/vendor-risk-monitor
library/specializations/security-compliance/skills/vendor-risk-monitor/SKILL.md
Continuous vendor security monitoring for security ratings, breach notifications, and risk change detection
$ install --global
skillsauthnpx skillsauth add a5c-ai/babysitter vendor-risk-monitorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 2, 2026, 2:09 PM55.6s2 files scanned
SKILL.md
- name:
- vendor-risk-monitor
- description:
- Continuous vendor security monitoring for security ratings, breach notifications, and risk change detection
Vendor Risk Monitor Skill
Purpose
Provide continuous vendor security monitoring by tracking security ratings, monitoring breach notifications, detecting certificate issues, and alerting on risk changes for proactive third-party risk management.
Capabilities
Security Rating Monitoring
- Track vendor security ratings from rating services
- Monitor rating changes and trends
- Compare ratings against thresholds
- Analyze rating factor changes
- Generate rating trend reports
- Alert on rating downgrades
Breach Notification Tracking
- Monitor public breach databases
- Track vendor-disclosed incidents
- Correlate breaches with vendor inventory
- Assess breach impact on data
- Generate breach impact reports
- Trigger incident response workflows
Certificate Status Checking
- Monitor vendor SSL/TLS certificates
- Track certificate expiration dates
- Detect certificate issues
- Verify certificate chain validity
- Alert on upcoming expirations
- Check certificate transparency logs
Dark Web Monitoring
- Monitor dark web for vendor exposures
- Detect leaked credentials
- Identify data for sale
- Track threat actor mentions
- Correlate with vendor risk profiles
- Generate exposure reports
Risk Change Alerting
- Detect significant risk changes
- Correlate multiple risk signals
- Generate risk change notifications
- Escalate critical changes
- Update vendor risk profiles
- Trigger reassessment workflows
Monitoring Report Generation
- Generate continuous monitoring reports
- Create executive dashboards
- Produce trend analysis
- Build risk heat maps
- Export data for GRC systems
- Support board reporting
Monitoring Sources
| Source Type | Examples | Data Type | |-------------|----------|-----------| | Security Ratings | BitSight, SecurityScorecard | Posture scores | | Breach Databases | HaveIBeenPwned, DataBreaches.net | Incident data | | Certificate Monitors | SSL Labs, crt.sh | Certificate status | | Dark Web | Various feeds | Exposure data | | News/Alerts | Security news feeds | Incident reports | | Regulatory | SEC filings, regulatory actions | Compliance events |
Risk Signals Monitored
- Security rating changes
- New vulnerability disclosures
- Data breach announcements
- Certificate issues
- Domain security problems
- DNS configuration issues
- Email security posture
- Network security indicators
- Patching cadence
- Open ports and services
Integrations
- BitSight: Security ratings platform
- SecurityScorecard: Security ratings and benchmarks
- RiskRecon: Third-party risk monitoring
- Black Kite: Cyber risk ratings
- UpGuard: Third-party risk monitoring
- Recorded Future: Threat intelligence
Target Processes
- Third-Party Vendor Security Assessment
- Continuous Compliance Monitoring
- Vendor Risk Management
- Supply Chain Security
Input Schema
{
"type": "object",
"properties": {
"operation": {
"type": "string",
"enum": ["monitor", "check-ratings", "check-breaches", "check-certificates", "generate-report", "configure-alerts"],
"description": "Monitoring operation type"
},
"vendors": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"vendorName": { "type": "string" },
"domain": { "type": "string" },
"riskTier": { "type": "string" }
}
},
"description": "Vendors to monitor"
},
"monitoringScope": {
"type": "array",
"items": {
"type": "string",
"enum": ["ratings", "breaches", "certificates", "dark-web", "news", "regulatory"]
}
},
"alertThresholds": {
"type": "object",
"properties": {
"ratingDropThreshold": { "type": "number" },
"minimumRating": { "type": "number" },
"certificateExpiryDays": { "type": "integer" }
}
},
"reportingPeriod": {
"type": "object",
"properties": {
"startDate": { "type": "string", "format": "date" },
"endDate": { "type": "string", "format": "date" }
}
},
"notificationChannels": {
"type": "array",
"items": { "type": "string" }
}
},
"required": ["operation"]
}
Output Schema
{
"type": "object",
"properties": {
"monitoringId": {
"type": "string"
},
"operation": {
"type": "string"
},
"timestamp": {
"type": "string",
"format": "date-time"
},
"vendorsMonitored": {
"type": "integer"
},
"ratingsSummary": {
"type": "object",
"properties": {
"vendorsWithRatings": { "type": "integer" },
"averageRating": { "type": "number" },
"belowThreshold": { "type": "integer" },
"ratingChanges": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"previousRating": { "type": "number" },
"currentRating": { "type": "number" },
"change": { "type": "number" },
"changeDate": { "type": "string" }
}
}
}
}
},
"breachAlerts": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"vendorName": { "type": "string" },
"breachDate": { "type": "string" },
"description": { "type": "string" },
"dataTypes": { "type": "array" },
"recordsAffected": { "type": "integer" },
"source": { "type": "string" }
}
}
},
"certificateAlerts": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"domain": { "type": "string" },
"issue": { "type": "string" },
"expirationDate": { "type": "string" },
"daysUntilExpiry": { "type": "integer" }
}
}
},
"darkWebFindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"findingType": { "type": "string" },
"description": { "type": "string" },
"discoveryDate": { "type": "string" },
"severity": { "type": "string" }
}
}
},
"riskChanges": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"vendorName": { "type": "string" },
"previousRiskLevel": { "type": "string" },
"currentRiskLevel": { "type": "string" },
"triggers": { "type": "array" },
"recommendedAction": { "type": "string" }
}
}
},
"alertsSent": {
"type": "integer"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
},
"reportPath": {
"type": "string"
}
}
}
Usage Example
skill: {
name: 'vendor-risk-monitor',
context: {
operation: 'monitor',
vendors: [
{ vendorId: 'v001', vendorName: 'Cloud Provider', domain: 'cloudprovider.com', riskTier: 'critical' }
],
monitoringScope: ['ratings', 'breaches', 'certificates'],
alertThresholds: {
ratingDropThreshold: 10,
minimumRating: 700,
certificateExpiryDays: 30
}
}
}
Related Skills
a5c-ai/model-card-generator
development
VerifiedTrustedCommunity
Model documentation skill for generating model cards following Google's model card framework.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/mlflow-experiment-tracker
development
VerifiedTrustedCommunity
MLflow integration skill for experiment tracking, model registry, and artifact management. Enables LLMs to log experiments, compare runs, manage model lifecycle, and retrieve artifacts through the MLflow API.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/lime-explainer
data-ai
VerifiedTrustedCommunity
LIME-based local explanation skill for individual predictions across tabular, text, and image data.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/kubeflow-pipeline-executor
devops
VerifiedTrustedCommunity
Kubeflow Pipelines skill for ML workflow orchestration, component management, and Kubernetes-native ML.
680SKILL.mdUpdated Apr 28, 2026