Automated vendor security assessment through questionnaire generation, response parsing, and risk scoring
Automates vendor security assessments by generating questionnaires, analyzing responses, and scoring risk.
npx claudepluginhub a5c-ai/babysitterThis skill is limited to using the following tools:
README.mdAutomate vendor security assessment through standardized questionnaire generation, response parsing, security posture scoring, and risk report generation for third-party risk management programs.
| Standard | Use Case | Questions |
|---|---|---|
| SIG Lite | Low-risk vendors | ~100 |
| SIG Core | Medium-risk vendors | ~300 |
| SIG Full | High-risk vendors | ~800+ |
| CAIQ | Cloud providers | ~300 |
| VSAQ | General vendors | Variable |
| Custom | Specific needs | Variable |
{
"type": "object",
"properties": {
"operation": {
"type": "string",
"enum": ["generate", "parse", "score", "report", "track"],
"description": "Questionnaire operation type"
},
"vendorInfo": {
"type": "object",
"properties": {
"vendorName": { "type": "string" },
"vendorId": { "type": "string" },
"vendorType": { "type": "string" },
"riskTier": { "type": "string", "enum": ["critical", "high", "medium", "low"] },
"dataAccess": { "type": "array", "items": { "type": "string" } }
}
},
"questionnaireType": {
"type": "string",
"enum": ["SIG-Lite", "SIG-Core", "SIG-Full", "CAIQ", "VSAQ", "custom"],
"description": "Questionnaire standard to use"
},
"customDomains": {
"type": "array",
"items": { "type": "string" },
"description": "Specific domains to assess"
},
"responseFile": {
"type": "string",
"description": "Path to questionnaire response file"
},
"scoringCriteria": {
"type": "object",
"properties": {
"minimumScore": { "type": "number" },
"criticalControls": { "type": "array" },
"weightings": { "type": "object" }
}
},
"deadline": {
"type": "string",
"format": "date",
"description": "Assessment completion deadline"
}
},
"required": ["operation"]
}
{
"type": "object",
"properties": {
"assessmentId": {
"type": "string"
},
"operation": {
"type": "string"
},
"timestamp": {
"type": "string",
"format": "date-time"
},
"vendorInfo": {
"type": "object"
},
"questionnaire": {
"type": "object",
"properties": {
"type": { "type": "string" },
"totalQuestions": { "type": "integer" },
"domains": { "type": "array" },
"filePath": { "type": "string" }
}
},
"responseAnalysis": {
"type": "object",
"properties": {
"questionsAnswered": { "type": "integer" },
"questionsSkipped": { "type": "integer" },
"evidenceProvided": { "type": "integer" },
"concerningResponses": { "type": "array" },
"missingInformation": { "type": "array" }
}
},
"securityScore": {
"type": "object",
"properties": {
"overallScore": { "type": "number" },
"riskRating": { "type": "string", "enum": ["low", "medium", "high", "critical"] },
"domainScores": {
"type": "array",
"items": {
"type": "object",
"properties": {
"domain": { "type": "string" },
"score": { "type": "number" },
"findings": { "type": "array" }
}
}
},
"benchmarkComparison": { "type": "object" },
"scoreHistory": { "type": "array" }
}
},
"riskFindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"findingId": { "type": "string" },
"domain": { "type": "string" },
"severity": { "type": "string" },
"description": { "type": "string" },
"recommendation": { "type": "string" }
}
}
},
"assessmentStatus": {
"type": "object",
"properties": {
"status": { "type": "string" },
"deadline": { "type": "string" },
"daysRemaining": { "type": "integer" },
"remindersent": { "type": "boolean" }
}
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
},
"reportPath": {
"type": "string"
}
}
}
skill: {
name: 'vendor-security-questionnaire',
context: {
operation: 'generate',
vendorInfo: {
vendorName: 'Cloud SaaS Provider',
riskTier: 'high',
dataAccess: ['PII', 'financial']
},
questionnaireType: 'SIG-Core',
deadline: '2024-03-15'
}
}
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.