vendor-risk-monitor

// Continuous vendor security monitoring for security ratings, breach notifications, and risk change detection

$ git log --oneline --stat

stars:384

forks:73

updated:March 4, 2026

SKILL.mdreadonly

SKILL.md Frontmatter

namevendor-risk-monitor

descriptionContinuous vendor security monitoring for security ratings, breach notifications, and risk change detection

allowed-toolsBash,Read,Write,Glob,Grep,WebFetch

Vendor Risk Monitor Skill

Purpose

Provide continuous vendor security monitoring by tracking security ratings, monitoring breach notifications, detecting certificate issues, and alerting on risk changes for proactive third-party risk management.

Capabilities

Security Rating Monitoring

Track vendor security ratings from rating services
Monitor rating changes and trends
Compare ratings against thresholds
Analyze rating factor changes
Generate rating trend reports
Alert on rating downgrades

Breach Notification Tracking

Monitor public breach databases
Track vendor-disclosed incidents
Correlate breaches with vendor inventory
Assess breach impact on data
Generate breach impact reports
Trigger incident response workflows

Certificate Status Checking

Monitor vendor SSL/TLS certificates
Track certificate expiration dates
Detect certificate issues
Verify certificate chain validity
Alert on upcoming expirations
Check certificate transparency logs

Dark Web Monitoring

Monitor dark web for vendor exposures
Detect leaked credentials
Identify data for sale
Track threat actor mentions
Correlate with vendor risk profiles
Generate exposure reports

Risk Change Alerting

Detect significant risk changes
Correlate multiple risk signals
Generate risk change notifications
Escalate critical changes
Update vendor risk profiles
Trigger reassessment workflows

Monitoring Report Generation

Generate continuous monitoring reports
Create executive dashboards
Produce trend analysis
Build risk heat maps
Export data for GRC systems
Support board reporting

Monitoring Sources

Source Type	Examples	Data Type
Security Ratings	BitSight, SecurityScorecard	Posture scores
Breach Databases	HaveIBeenPwned, DataBreaches.net	Incident data
Certificate Monitors	SSL Labs, crt.sh	Certificate status
Dark Web	Various feeds	Exposure data
News/Alerts	Security news feeds	Incident reports
Regulatory	SEC filings, regulatory actions	Compliance events

Risk Signals Monitored

Security rating changes
New vulnerability disclosures
Data breach announcements
Certificate issues
Domain security problems
DNS configuration issues
Email security posture
Network security indicators
Patching cadence
Open ports and services

Integrations

BitSight: Security ratings platform
SecurityScorecard: Security ratings and benchmarks
RiskRecon: Third-party risk monitoring
Black Kite: Cyber risk ratings
UpGuard: Third-party risk monitoring
Recorded Future: Threat intelligence

Target Processes

Third-Party Vendor Security Assessment
Continuous Compliance Monitoring
Vendor Risk Management
Supply Chain Security

Input Schema

{
  "type": "object",
  "properties": {
    "operation": {
      "type": "string",
      "enum": ["monitor", "check-ratings", "check-breaches", "check-certificates", "generate-report", "configure-alerts"],
      "description": "Monitoring operation type"
    },
    "vendors": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "vendorId": { "type": "string" },
          "vendorName": { "type": "string" },
          "domain": { "type": "string" },
          "riskTier": { "type": "string" }
        }
      },
      "description": "Vendors to monitor"
    },
    "monitoringScope": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["ratings", "breaches", "certificates", "dark-web", "news", "regulatory"]
      }
    },
    "alertThresholds": {
      "type": "object",
      "properties": {
        "ratingDropThreshold": { "type": "number" },
        "minimumRating": { "type": "number" },
        "certificateExpiryDays": { "type": "integer" }
      }
    },
    "reportingPeriod": {
      "type": "object",
      "properties": {
        "startDate": { "type": "string", "format": "date" },
        "endDate": { "type": "string", "format": "date" }
      }
    },
    "notificationChannels": {
      "type": "array",
      "items": { "type": "string" }
    }
  },
  "required": ["operation"]
}

Output Schema

{
  "type": "object",
  "properties": {
    "monitoringId": {
      "type": "string"
    },
    "operation": {
      "type": "string"
    },
    "timestamp": {
      "type": "string",
      "format": "date-time"
    },
    "vendorsMonitored": {
      "type": "integer"
    },
    "ratingsSummary": {
      "type": "object",
      "properties": {
        "vendorsWithRatings": { "type": "integer" },
        "averageRating": { "type": "number" },
        "belowThreshold": { "type": "integer" },
        "ratingChanges": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "vendorId": { "type": "string" },
              "previousRating": { "type": "number" },
              "currentRating": { "type": "number" },
              "change": { "type": "number" },
              "changeDate": { "type": "string" }
            }
          }
        }
      }
    },
    "breachAlerts": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "vendorId": { "type": "string" },
          "vendorName": { "type": "string" },
          "breachDate": { "type": "string" },
          "description": { "type": "string" },
          "dataTypes": { "type": "array" },
          "recordsAffected": { "type": "integer" },
          "source": { "type": "string" }
        }
      }
    },
    "certificateAlerts": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "vendorId": { "type": "string" },
          "domain": { "type": "string" },
          "issue": { "type": "string" },
          "expirationDate": { "type": "string" },
          "daysUntilExpiry": { "type": "integer" }
        }
      }
    },
    "darkWebFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "vendorId": { "type": "string" },
          "findingType": { "type": "string" },
          "description": { "type": "string" },
          "discoveryDate": { "type": "string" },
          "severity": { "type": "string" }
        }
      }
    },
    "riskChanges": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "vendorId": { "type": "string" },
          "vendorName": { "type": "string" },
          "previousRiskLevel": { "type": "string" },
          "currentRiskLevel": { "type": "string" },
          "triggers": { "type": "array" },
          "recommendedAction": { "type": "string" }
        }
      }
    },
    "alertsSent": {
      "type": "integer"
    },
    "recommendations": {
      "type": "array",
      "items": { "type": "string" }
    },
    "reportPath": {
      "type": "string"
    }
  }
}

Usage Example

skill: {
  name: 'vendor-risk-monitor',
  context: {
    operation: 'monitor',
    vendors: [
      { vendorId: 'v001', vendorName: 'Cloud Provider', domain: 'cloudprovider.com', riskTier: 'critical' }
    ],
    monitoringScope: ['ratings', 'breaches', 'certificates'],
    alertThresholds: {
      ratingDropThreshold: 10,
      minimumRating: 700,
      certificateExpiryDays: 30
    }
  }
}