Skill

risk-scorer

Severity times likelihood risk matrix generation with mitigation priorities. Trigger: "score risks", "risk matrix", "risk assessment", "severity analysis".

From sa

Install

Run in your terminal

npx claudepluginhub javimontano/jm-adk --plugin sovereign-architect

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepBashAgent

Supporting Assets

View in Repository

evals/evals.json

examples/sample-output.md

prompts/use-case-prompts.md

references/body-of-knowledge.md

Skill Content

Risk Scorer

Systematically identify, score, and prioritize technical risks using a severity x likelihood matrix, producing actionable mitigation plans.

Guiding Principle

"Risk management is not about eliminating risk — it's about making informed decisions about which risks to accept."

Procedure

Step 1 — Risk Identification

Catalog technical risks from codebase analysis: security, reliability, scalability, maintainability.
Include operational risks: single points of failure, bus factor, vendor lock-in.
Identify data risks: data loss, corruption, privacy violations.
Document each risk with its source and potential impact [HECHO].
Cross-reference with findings from other analysis skills.

Step 2 — Severity Assessment

Rate impact on a 1-5 scale: Negligible, Minor, Moderate, Major, Critical.
Consider multiple impact dimensions: users affected, data at risk, revenue impact, reputation.
Assess cascading effects: does this risk trigger other failures?
Document severity rationale for each risk [INFERENCIA].

Step 3 — Likelihood Assessment

Rate probability on a 1-5 scale: Rare, Unlikely, Possible, Likely, Almost Certain.
Use evidence: has this happened before? Are there precursor signals?
Consider trend direction: is the likelihood increasing or decreasing?
Factor in existing mitigations that reduce likelihood.

Step 4 — Risk Matrix & Prioritization

Calculate risk score: Severity x Likelihood (1-25).
Classify: Critical (20-25), High (15-19), Medium (8-14), Low (1-7).
Produce a visual risk matrix heatmap.
For each High/Critical risk, define mitigation actions with owners and timelines.
Identify risks that should be accepted vs. mitigated vs. transferred.

Quality Criteria

Every risk traced to specific codebase evidence [HECHO]
Severity and likelihood ratings include explicit rationale
Risk matrix includes all identified risks, not just top ones
Mitigation plans are actionable with concrete next steps

Anti-Patterns

Rating all risks as "High" (loses prioritization value)
Scoring based on gut feeling without evidence
Ignoring low-likelihood, high-severity risks (black swans)
Creating a risk register that is never reviewed or updated

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

157.5k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

157.5k

agent-payment-x402

Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.

everything-claude-code

138.0k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitMar 22, 2026

Actions

View Source View Plugin View on GitHub View README

Procedure

Step 1 — Risk Identification

Catalog technical risks from codebase analysis: security, reliability, scalability, maintainability.

Include operational risks: single points of failure, bus factor, vendor lock-in.

Identify data risks: data loss, corruption, privacy violations.

Document each risk with its source and potential impact [HECHO].

Cross-reference with findings from other analysis skills.

Step 2 — Severity Assessment

Rate impact on a 1-5 scale: Negligible, Minor, Moderate, Major, Critical.

Consider multiple impact dimensions: users affected, data at risk, revenue impact, reputation.

Assess cascading effects: does this risk trigger other failures?

Document severity rationale for each risk [INFERENCIA].

Step 3 — Likelihood Assessment

Rate probability on a 1-5 scale: Rare, Unlikely, Possible, Likely, Almost Certain.

Use evidence: has this happened before? Are there precursor signals?

Consider trend direction: is the likelihood increasing or decreasing?

Factor in existing mitigations that reduce likelihood.

Step 4 — Risk Matrix & Prioritization

Calculate risk score: Severity x Likelihood (1-25).

Classify: Critical (20-25), High (15-19), Medium (8-14), Low (1-7).

Produce a visual risk matrix heatmap.

For each High/Critical risk, define mitigation actions with owners and timelines.

Identify risks that should be accepted vs. mitigated vs. transferred.