From grc-tprm
Conducts vendor security assessments evaluating posture, risks, and generating reports with recommendations. Supports onboarding, periodic reviews, incident response, and due diligence.
How this skill is triggered — by the user, by Claude, or both
Slash command
/grc-tprm:vendor-assessor

This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Performs end-to-end vendor security assessments.
npx claudepluginhub grcengclub/claude-grc-engineering --plugin grc-tprm

Build and run a third-party vendor risk management (TPRM) program aligned to NIST SP 800-161 and CSF 2.0. Covers vendor inventory, tiering, due-diligence questionnaires (SIG, CAIQ), evidence review (SOC 2, ISO 27001), contractual security clauses, continuous monitoring, Nth-party risk, and secure offboarding.
Calculates vendor risk scores using inherent (data sensitivity, access level) and residual (certifications, audits) factors. Assigns Critical/High/Medium/Low ratings with comparisons, trends, and recommendations.
Analyzes Abnormal Security VendorBase for vendor risk scores, compromise detection, domain analysis, and supply chain email threats. For MSP analysts investigating third-party vendor risks.