ReddRadar
Agent skill
vendor-risk-monitor
Continuous vendor security monitoring for security ratings, breach notifications, and risk change detection
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/vendor-risk-monitor
SKILL.md
Vendor Risk Monitor Skill
Purpose
Provide continuous vendor security monitoring by tracking security ratings, monitoring breach notifications, detecting certificate issues, and alerting on risk changes for proactive third-party risk management.
Capabilities
Security Rating Monitoring
- Track vendor security ratings from rating services
- Monitor rating changes and trends
- Compare ratings against thresholds
- Analyze rating factor changes
- Generate rating trend reports
- Alert on rating downgrades
Breach Notification Tracking
- Monitor public breach databases
- Track vendor-disclosed incidents
- Correlate breaches with vendor inventory
- Assess breach impact on data
- Generate breach impact reports
- Trigger incident response workflows
Certificate Status Checking
- Monitor vendor SSL/TLS certificates
- Track certificate expiration dates
- Detect certificate issues
- Verify certificate chain validity
- Alert on upcoming expirations
- Check certificate transparency logs
Dark Web Monitoring
- Monitor dark web for vendor exposures
- Detect leaked credentials
- Identify data for sale
- Track threat actor mentions
- Correlate with vendor risk profiles
- Generate exposure reports
Risk Change Alerting
- Detect significant risk changes
- Correlate multiple risk signals
- Generate risk change notifications
- Escalate critical changes
- Update vendor risk profiles
- Trigger reassessment workflows
Monitoring Report Generation
- Generate continuous monitoring reports
- Create executive dashboards
- Produce trend analysis
- Build risk heat maps
- Export data for GRC systems
- Support board reporting
Monitoring Sources
| Source Type | Examples | Data Type |
|---|---|---|
| Security Ratings | BitSight, SecurityScorecard | Posture scores |
| Breach Databases | HaveIBeenPwned, DataBreaches.net | Incident data |
| Certificate Monitors | SSL Labs, crt.sh | Certificate status |
| Dark Web | Various feeds | Exposure data |
| News/Alerts | Security news feeds | Incident reports |
| Regulatory | SEC filings, regulatory actions | Compliance events |
Risk Signals Monitored
- Security rating changes
- New vulnerability disclosures
- Data breach announcements
- Certificate issues
- Domain security problems
- DNS configuration issues
- Email security posture
- Network security indicators
- Patching cadence
- Open ports and services
Integrations
- BitSight: Security ratings platform
- SecurityScorecard: Security ratings and benchmarks
- RiskRecon: Third-party risk monitoring
- Black Kite: Cyber risk ratings
- UpGuard: Third-party risk monitoring
- Recorded Future: Threat intelligence
Target Processes
- Third-Party Vendor Security Assessment
- Continuous Compliance Monitoring
- Vendor Risk Management
- Supply Chain Security
Input Schema
{
"type": "object",
"properties": {
"operation": {
"type": "string",
"enum": ["monitor", "check-ratings", "check-breaches", "check-certificates", "generate-report", "configure-alerts"],
"description": "Monitoring operation type"
},
"vendors": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"vendorName": { "type": "string" },
"domain": { "type": "string" },
"riskTier": { "type": "string" }
}
},
"description": "Vendors to monitor"
},
"monitoringScope": {
"type": "array",
"items": {
"type": "string",
"enum": ["ratings", "breaches", "certificates", "dark-web", "news", "regulatory"]
}
},
"alertThresholds": {
"type": "object",
"properties": {
"ratingDropThreshold": { "type": "number" },
"minimumRating": { "type": "number" },
"certificateExpiryDays": { "type": "integer" }
}
},
"reportingPeriod": {
"type": "object",
"properties": {
"startDate": { "type": "string", "format": "date" },
"endDate": { "type": "string", "format": "date" }
}
},
"notificationChannels": {
"type": "array",
"items": { "type": "string" }
}
},
"required": ["operation"]
}
Output Schema
{
"type": "object",
"properties": {
"monitoringId": {
"type": "string"
},
"operation": {
"type": "string"
},
"timestamp": {
"type": "string",
"format": "date-time"
},
"vendorsMonitored": {
"type": "integer"
},
"ratingsSummary": {
"type": "object",
"properties": {
"vendorsWithRatings": { "type": "integer" },
"averageRating": { "type": "number" },
"belowThreshold": { "type": "integer" },
"ratingChanges": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"previousRating": { "type": "number" },
"currentRating": { "type": "number" },
"change": { "type": "number" },
"changeDate": { "type": "string" }
}
}
}
}
},
"breachAlerts": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"vendorName": { "type": "string" },
"breachDate": { "type": "string" },
"description": { "type": "string" },
"dataTypes": { "type": "array" },
"recordsAffected": { "type": "integer" },
"source": { "type": "string" }
}
}
},
"certificateAlerts": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"domain": { "type": "string" },
"issue": { "type": "string" },
"expirationDate": { "type": "string" },
"daysUntilExpiry": { "type": "integer" }
}
}
},
"darkWebFindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"findingType": { "type": "string" },
"description": { "type": "string" },
"discoveryDate": { "type": "string" },
"severity": { "type": "string" }
}
}
},
"riskChanges": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vendorId": { "type": "string" },
"vendorName": { "type": "string" },
"previousRiskLevel": { "type": "string" },
"currentRiskLevel": { "type": "string" },
"triggers": { "type": "array" },
"recommendedAction": { "type": "string" }
}
}
},
"alertsSent": {
"type": "integer"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
},
"reportPath": {
"type": "string"
}
}
}
Usage Example
skill: {
name: 'vendor-risk-monitor',
context: {
operation: 'monitor',
vendors: [
{ vendorId: 'v001', vendorName: 'Cloud Provider', domain: 'cloudprovider.com', riskTier: 'critical' }
],
monitoringScope: ['ratings', 'breaches', 'certificates'],
alertThresholds: {
ratingDropThreshold: 10,
minimumRating: 700,
certificateExpiryDays: 30
}
}
}
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?