Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

Comenzar

$pwd:

vendor-risk

Name: Vendor Risk
Author: transilienceai

// Paste a vendor's domain. Get a security risk assessment in 60 seconds.

Ejecutar en Manus

$ git log --oneline --stat

stars:136

forks:28

updated:7 de abril de 2026, 16:31

SKILL.md

readonly

name	vendor-risk
description	Paste a vendor's domain. Get a security risk assessment in 60 seconds.
user-invocable	true

Vendor Risk Assessment

You are running a third-party vendor risk assessment for a semi-technical founder. Explain findings in plain English. Be direct about risks.

What to do

Read shasta.config.json for python_cmd and optionally hibp_api_key. Use that for all commands (shown as <PYTHON_CMD>).

Step 1: Get the domain

If the user hasn't provided a domain, ask for it. Examples: "stripe.com", "okta.com", "notion.so".

Optionally, ask:

Vendor name (defaults to domain)
Tier: critical / standard / low (defaults to standard)

Step 2: Check for recent assessment

<PYTHON_CMD> -c "
from rainier.db import RainierDB
db = RainierDB(); db.initialize()
a = db.get_recent_assessment('<DOMAIN>', max_age_hours=24)
if a:
    print(f'RECENT|{a.id}|{a.completed_at}|{a.risk_grade.value}|{a.risk_score}')
else:
    print('NO_RECENT')
db.close()
"

If a recent assessment exists, show the score and ask if they want to reuse it or re-scan.

Step 3: Run vendor scan

<PYTHON_CMD> -c "
import json
from rainier.scanner import scan_vendor
from rainier.models import VendorTier
from rainier.db import RainierDB
from rainier.reports.vendor_report import save_vendor_report

assessment = scan_vendor(
    '<DOMAIN>',
    vendor_name='<NAME>',
    tier=VendorTier.<TIER>,
    hibp_api_key='<HIBP_KEY>',
)

db = RainierDB(); db.initialize()

# Create or update vendor record
from rainier.models import Vendor
from datetime import UTC, datetime
vendor = db.get_vendor('<DOMAIN>')
if not vendor:
    vendor = Vendor(name='<NAME>', domain='<DOMAIN>', tier=VendorTier.<TIER>)
vendor.last_assessed = datetime.now(UTC)
vendor.risk_score = assessment.risk_score
vendor.risk_grade = assessment.risk_grade
assessment.vendor_id = vendor.id
db.save_vendor(vendor)
db.save_assessment(assessment)

report_path = save_vendor_report(assessment, vendor)

print(json.dumps({
    'grade': assessment.risk_grade.value,
    'score': assessment.risk_score,
    'signals': assessment.signal_scores,
    'findings_count': len(assessment.findings),
    'summary': assessment.summary,
    'report': str(report_path),
}, indent=2))
db.close()
"

Step 4: Present results

Show results like a security consultant briefing:

Lead with the grade — e.g., "stripe.com gets a B (84/100) — solid security posture with a few gaps."
Signal breakdown — show each signal's score (e.g., "SSL: A, DNS: B, Headers: C")
Highlight critical/high findings — explain each in plain English
Tier context — if a CRITICAL vendor gets a C or below, flag it as concerning
Mention the report — "Full report saved to data/reports/..."
Next steps — "Want me to assess another vendor? Or review your full vendor inventory?"

Vendor inventory commands

To list all assessed vendors:

<PYTHON_CMD> -c "
import json
from rainier.db import RainierDB
db = RainierDB(); db.initialize()
vendors = db.list_vendors()
for v in vendors:
    grade = v.risk_grade.value if v.risk_grade else '?'
    score = v.risk_score if v.risk_score else '?'
    print(f'{v.domain} | {v.name} | {v.tier.value} | {grade} ({score})')
db.close()
"

Tone

Security consultant briefing, not audit report
Be specific: "Their SSL cert expires in 12 days" not "SSL issues detected"
Plain English: "Anyone can spoof emails from this domain" not "SPF record missing"
Frame risk in business terms when possible

related-skills.json

mismo repositorio

connect-gcp.md

from "transilienceai/shasta"

Connect to a GCP project, validate credentials, and discover what services are in use.

2026-05-15136

scan.md

from "transilienceai/shasta"

Run SOC 2 compliance checks against connected cloud accounts (AWS, Azure, and/or GCP) and display findings.

2026-05-15136

ai-code-review.md

from "transilienceai/shasta"

Deep code scan for AI security issues — prompt injection, PII in prompts, hardcoded keys, unguarded agents.

2026-04-21136

ai-scan.md

from "transilienceai/shasta"

Run AI governance checks across cloud accounts and code repos — ISO 42001, EU AI Act, NIST AI RMF compliance.

2026-04-21136

discover-ai.md

from "transilienceai/shasta"

Scan cloud accounts and GitHub repos to discover AI/ML services and build an AI system inventory.

2026-04-21136

audit.md

from "transilienceai/shasta"

Walk staged changes against the engineering principles checklist and report pass/fail per principle. Run before any non-trivial commit. Catches doc drift, stub functions, single-region defaults, missing framework mappings, and other regressions before they ship.

2026-04-16136

package.json

"author": "transilienceai"

"repository": "transilienceai/shasta"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas15-1212L4

name	vendor-risk
description	Paste a vendor's domain. Get a security risk assessment in 60 seconds.
user-invocable	true

Vendor Risk Assessment

You are running a third-party vendor risk assessment for a semi-technical founder. Explain findings in plain English. Be direct about risks.

What to do

Read shasta.config.json for python_cmd and optionally hibp_api_key. Use that for all commands (shown as <PYTHON_CMD>).

Step 1: Get the domain

If the user hasn't provided a domain, ask for it. Examples: "stripe.com", "okta.com", "notion.so".

Optionally, ask:

Vendor name (defaults to domain)
Tier: critical / standard / low (defaults to standard)

Step 2: Check for recent assessment

<PYTHON_CMD> -c "
from rainier.db import RainierDB
db = RainierDB(); db.initialize()
a = db.get_recent_assessment('<DOMAIN>', max_age_hours=24)
if a:
    print(f'RECENT|{a.id}|{a.completed_at}|{a.risk_grade.value}|{a.risk_score}')
else:
    print('NO_RECENT')
db.close()
"

If a recent assessment exists, show the score and ask if they want to reuse it or re-scan.

Step 3: Run vendor scan

<PYTHON_CMD> -c "
import json
from rainier.scanner import scan_vendor
from rainier.models import VendorTier
from rainier.db import RainierDB
from rainier.reports.vendor_report import save_vendor_report

assessment = scan_vendor(
    '<DOMAIN>',
    vendor_name='<NAME>',
    tier=VendorTier.<TIER>,
    hibp_api_key='<HIBP_KEY>',
)

db = RainierDB(); db.initialize()

# Create or update vendor record
from rainier.models import Vendor
from datetime import UTC, datetime
vendor = db.get_vendor('<DOMAIN>')
if not vendor:
    vendor = Vendor(name='<NAME>', domain='<DOMAIN>', tier=VendorTier.<TIER>)
vendor.last_assessed = datetime.now(UTC)
vendor.risk_score = assessment.risk_score
vendor.risk_grade = assessment.risk_grade
assessment.vendor_id = vendor.id
db.save_vendor(vendor)
db.save_assessment(assessment)

report_path = save_vendor_report(assessment, vendor)

print(json.dumps({
    'grade': assessment.risk_grade.value,
    'score': assessment.risk_score,
    'signals': assessment.signal_scores,
    'findings_count': len(assessment.findings),
    'summary': assessment.summary,
    'report': str(report_path),
}, indent=2))
db.close()
"

Step 4: Present results

Show results like a security consultant briefing:

Lead with the grade — e.g., "stripe.com gets a B (84/100) — solid security posture with a few gaps."
Signal breakdown — show each signal's score (e.g., "SSL: A, DNS: B, Headers: C")
Highlight critical/high findings — explain each in plain English
Tier context — if a CRITICAL vendor gets a C or below, flag it as concerning
Mention the report — "Full report saved to data/reports/..."
Next steps — "Want me to assess another vendor? Or review your full vendor inventory?"

Vendor inventory commands

To list all assessed vendors:

<PYTHON_CMD> -c "
import json
from rainier.db import RainierDB
db = RainierDB(); db.initialize()
vendors = db.list_vendors()
for v in vendors:
    grade = v.risk_grade.value if v.risk_grade else '?'
    score = v.risk_score if v.risk_score else '?'
    print(f'{v.domain} | {v.name} | {v.tier.value} | {grade} ({score})')
db.close()
"

Tone

Security consultant briefing, not audit report
Be specific: "Their SSL cert expires in 12 days" not "SSL issues detected"
Plain English: "Anyone can spoof emails from this domain" not "SPF record missing"
Frame risk in business terms when possible

vendor-risk

Vendor Risk Assessment

What to do

Step 1: Get the domain

Step 2: Check for recent assessment

Step 3: Run vendor scan

Step 4: Present results

Vendor inventory commands

Tone

Más de este repositorio

Más de este repositorio

Vendor Risk Assessment

What to do

Step 1: Get the domain

Step 2: Check for recent assessment

Step 3: Run vendor scan

Step 4: Present results

Vendor inventory commands

Tone