by 安全扫描
OpenClaw
安全
high confidenceThis is an instruction-only risk-assessment template; its requirements and runtime instructions are coherent with the stated purpose and it does not request extra credentials, installs, or privileged access.
评估建议
This skill is a harmless, self-contained risk-assessment template and appears safe to install. Consider whether the outputs you provide to the skill (project details, financial figures, internal triggers) contain sensitive information you would not want logged or sent elsewhere—the skill itself does not send data externally, but any sensitive content you paste into prompts can be stored in agent logs or used in other skills. If you need automated integration with external systems (ticketing, ins...详细分析 ▾
✓ 用途与能力
The name/description (risk identification and prioritization) matches the SKILL.md content: a risk assessment framework and output template. The skill does not request unrelated binaries, credentials, or config paths.
✓ 指令范围
SKILL.md contains only templates and step-by-step guidance for identifying and prioritizing risks. It does not instruct the agent to read files, access environment variables, call external endpoints, or perform system actions outside the stated purpose.
✓ 安装机制
There is no install spec and no code files. Being instruction-only, the skill will not write artifacts to disk or fetch external packages.
✓ 凭证需求
No environment variables, credentials, or config paths are required. The declared requirements are minimal and proportional to a template-based risk-assessment skill.
✓ 持久化与权限
The skill is not forced-always, requests no persistent presence, and does not modify agent/system configuration. Normal autonomous invocation is allowed (platform default).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/22
Initial release of the risk-matrix skill: - Provides a framework for identifying, assessing, and prioritizing risks by impact and controllability. - Includes sample risk categories, detailed risk matrix, and structured templates for risk identification, assessment, and mitigation. - Offers clear output formats for visual matrix, risk register, response actions, and early warning indicators. - Aligned with industry standards (ISO 31000, COSO) for project planning and strategic decision support. - Includes practical tips for effective risk management and ongoing process updates.
● 无害
安装命令 点击复制
官方npx clawhub@latest install risk-matrix
镜像加速npx clawhub@latest install risk-matrix --registry https://cn.clawhub-mirror.com
技能文档
Metadata
- Name: risk-matrix
- Description: Risk identification and prioritization framework
- Triggers: risk matrix, risk assessment, risk analysis, risk prioritization
Instructions
You are a risk manager analyzing risks for $ARGUMENTS.
Identify, assess, and prioritize risks to inform mitigation strategy.
Framework
Risk Assessment Dimensions
Impact (Significance)
- High: Major financial loss, strategic damage, regulatory issue
- Medium: Moderate financial impact, operational disruption
- Low: Minor impact, easily absorbed
Controllability
- Manageable: Within our control
- Mitigatable: Can reduce but not eliminate
- Non-controllable: External, must accept
The 2×2 Risk Matrix
IMPACT
HIGH MEDIUM LOW
┌───────────┬───────────┬───────────┐
HIGH │ CRITICAL │ ACCEPT │ ACCEPT │
│ ⚠️⚠️⚠️ │ ✅ │ ✅ │
CONTROLLABILITY │ Monitor & │ Manage │ Monitor │
MEDIUM │ Mitigate │ │ │
├───────────┼───────────┼───────────┤
LOW │ TRANSFER │ MANAGE │ IGNORE │
│ 🔸 │ ⚠️ │ ⚪ │
│ Insurance │ Conting. │ Watch │
└───────────┴───────────┴───────────┘
Risk Categories
| Category | Examples |
|---|---|
| Financial | Cost overrun, currency, credit |
| Operational | Supply chain, technology, people |
| Strategic | Competition, market shift, regulation |
| Reputational | Brand damage, PR crisis |
| Compliance | Regulatory, legal, ethical |
| Environmental | Natural disaster, climate |
Output Format
## Risk Matrix: [Project/Initiative/Decision]Scope
Subject: [What's being analyzed]
Context: [Background]
Time Horizon: [Planning period]
Risk Identification
ID Risk Category Risk Description Trigger Event R1 Financial [Description] [What would cause this] R2 Operational [Description] [What would cause this] R3 Strategic [Description] [What would cause this] R4 Compliance [Description] [What would cause this] R5 Reputational [Description] [What would cause this] R6 Environmental [Description] [What would cause this]
Risk Assessment Matrix
Risk Impact Controllability Financial Impact Probability Priority R1 High Low $X M 30% 🔴 Critical R2 High Medium $Y M 20% 🔴 Critical R3 Medium High $Z M 40% 🟡 Manage R4 Medium Medium $W M 50% 🟡 Manage R5 Low Low $V M 10% 🟢 Accept R6 Low High $U M 60% 🟢 Accept
Visual Matrix
Legend: 🔴 Critical - Must address immediately 🟡 Manage - Active monitoring and mitigation 🟢 Accept - Monitor only
Risk Details & Mitigation
🔴 Critical Risks
R1: [Risk Name]
- Description: [What could happen]
- Trigger: [What would cause it]
- Impact if realized: $X M / [Other consequences]
- Probability: X%
- Current controls: [What's in place]
- Mitigation strategy: [What to do]
- Owner: [Who's responsible]
- Residual risk: [Risk after mitigation]
- Cost of mitigation: $Y
R2: [Risk Name]
- [Same structure]
🟡 Managed Risks
R3: [Risk Name]
- Description: [What could happen]
- Trigger: [What would cause it]
- Impact if realized: $X M
- Probability: X%
- Monitoring plan: [How we'll track]
- Contingency: [What we'll do if it happens]
- Owner: [Who's responsible]
[Continue for all managed risks]
🟢 Accepted Risks
R5: [Risk Name]
- Description: [What could happen]
- Impact if realized: $X M
- Why accepted: [Rationale]
- Monitoring: [Basic tracking]
[Continue for all accepted risks]
Risk Response Summary
Risk Response Type Action Owner Status R1 Mitigate [Action] [Name] ⏳ In progress R2 Transfer Insurance/Contract [Name] ⏳ In progress R3 Mitigate [Action] [Name] ⏳ In progress R4 Accept Monitor [Name] ✅ In place R5 Accept Monitor [Name] ✅ In place R6 Accept Monitor [Name] ✅ In place
Response Types:
- Mitigate: Reduce probability or impact
- Transfer: Insurance, contracts, outsourcing
- Accept: Acknowledge and monitor
- Avoid: Change plan to eliminate risk
Risk Register
Total Risk Exposure: $X M (weighted by probability)
Critical Risks: 2 (require immediate action)
Managed Risks: 2 (active monitoring)
Accepted Risks: 2 (monitor only)
Risk Trend: Increasing / Stable / Decreasing
Risk Capacity: $Y M available to absorb
Headroom: $Z M
Early Warning Indicators
Risk Leading Indicator Threshold Current Status R1 [Metric] [Value] [Actual] 🟢 OK R2 [Metric] [Value] [Actual] 🟡 Watch R3 [Metric] [Value] [Actual] 🟢 OK
Next Steps
Immediate (This Week)
- [Action for R1]
- [Action for R2]
Short-term (This Month)
- [Action for R3]
- [Set up monitoring]
Ongoing
- Monthly risk review
- Quarterly reassessment
- Update as conditions change
Tips
- Focus on material risks - don't list everything
- Be specific about triggers and impacts
- Quantify financial impact where possible
- One risk owner per risk
- Distinguish between inherent and residual risk
- Update regularly - risks change
- The process matters as much as the matrix
- Don't over-mitigate - some risk is acceptable
References
- ISO 31000:2018 - Risk Management Guidelines
- COSO Enterprise Risk Management Framework
- Hubbard, Douglas. The Failure of Risk Management. 2009.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制