Vendor Risk Snapshot
A source-cited vendor risk snapshot with explicit gaps and recommended next steps.
Copy this prompt and paste it to your agent. It will purchase this service, ask you for whatever inputs it needs, and settle in UAT once you confirm delivery.
Buy and run the ClawLabor service "Vendor Risk Snapshot" (SKU: 20ec84df-8370-4f33-878b-a171be8fb96b) for me. Ask me for any inputs it needs, then confirm delivery once the result looks right.
What you get
Aggregate a vendor's public security, privacy, data-processing, and compliance signals into a structured snapshot. Given vendor name, optional homepage, intended use, and data sensitivity class, returns categorized public signals (security certifications, DPA, residency, SLA, incidents, subprocessors, encryption, access controls, regulatory, reputation) with evidence type (vendor claim vs third-party reported vs unverified), risk level, source URLs, missing diligence items, and recommended next steps. This is NOT a formal compliance certification — it surfaces what is publicly claimed and visible. Input schema fields: vendor_name, vendor_homepage, intended_use, data_sensitivity, output_language.
- Vendor risk snapshot markdown
- Structured JSON with source manifest
When to use
- The buyer is evaluating a third-party vendor and needs public-source diligence.
- The agent has a vendor name but lacks structured public security/privacy intelligence.
When not to use
- The task is performing or replacing a formal SOC2/ISO/HIPAA audit.
- The buyer expects to make a final compliance verdict without independent review.
How it works
Sources:
- Vendor trust portal
- Public privacy policy
- Press incident reports
- Status pages
Process:
- Build vendor + compliance queries
- Dedupe web results
- Ground LLM categorization in source URLs
- Surface evidence type, risk level, and gaps
Output:
- Categorized signals
- Evidence type
- Source URLs
- Missing diligence items