Vendor Performance Audit — 供应商绩效审计

Name: Vendor Performance Audit — 供应商绩效审计
Author: flynndavid

flynndavid

Vendor Performance Audit — 供应商绩效审计

v1.0.0

该技能提供结构化的季度供应商审计系统，使用加权KPI评分卡对供应商的交付、质量、沟通、成本和战略对齐度进行评估，指导续约、改进或解约决策。

0· 285·0 当前·0 累计

by @flynndavid·MIT-0

工作流开发工具 API工具自动化

下载技能包

License

MIT-0

最后更新

2026/4/11

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

该技能是一个连贯的供应商审计清单，但其运行指令预期访问内部票据/日志系统和证据来源，而没有声明如何提供凭证或数据访问。范围不明确，可能导致如果允许代理自动检索记录，则会导致广泛的数据访问。

评估建议

该技能本质上是一个面向人类的审计模板，具有明确的评分规则 —— 有用 —— 但它预期代理“拉取票据数据、交付日志或事件记录”，而没有指定如何连接到这些系统。安装或启用该技能之前：确认代理将访问哪些票据/日志系统（JIRA、ServiceNow、Zendesk、PagerDuty、S3/云日志、内部DB）以及如何提供凭证。首选只读、范围受限的凭证和明确的允许列表（仅供应商X的记录，日期范围Y）。向发布者询问代理将读取/存储的数据以及生成的报告在哪里被持久化或传输。首先在非生产或样本供应商数据集上进行测试。确保启用审计日志（谁/何时访问了记录）。如果发布者无法解释如何范围数据访问，则将该技能视为更高风险 —— 不要授予对内部票据或日志的广泛访问权限。...

详细分析 ▾

ℹ 用途与能力

The name, description, and scoring framework align with a vendor-performance audit. However, the SKILL.md repeatedly requires the agent to "pull ticket data, delivery logs, or incident records" and to review incident logs — capabilities that normally require credentials or integrations (JIRA, ServiceNow, Zendesk, cloud logging, ticket DBs). The skill does not declare any required credentials or integrations, so there is a mild mismatch between expected data access and declared requirements.

⚠ 指令范围

Instructions are operational and actionable (scorecard, weighted calculation, incident severity modifiers, improvement-plan template). They explicitly direct the agent to obtain evidence from ticket systems and logs and to review incident histories. Those directives are useful for the audit purpose but are vague about which systems/sources to use and grant the agent broad discretion to access any available records — this is scope creep that could result in the agent reading sensitive internal files or services if permitted.

✓ 安装机制

No install spec and no code files; the skill is instruction-only. This minimizes filesystem/remote-code risk — nothing is downloaded or executed by the skill package itself.

⚠ 凭证需求

The skill declares no required environment variables or credentials, yet its runtime instructions require access to potentially sensitive systems (ticketing/incident logs, delivery logs). The absence of declared credentials or integration requirements is disproportionate to the data the skill asks for and leaves unclear how the agent should be given access (and whether that access will be scoped/read-only).

✓ 持久化与权限

The skill is not set to always: true, and model invocation is not disabled (normal). It does not request persistence or system-level configuration changes. There is no explicit privilege escalation or modification of other skills' configs.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/4

供应商绩效审计技能的初始发布。提供结构化的季度审计系统，使用加权KPI评分卡进行供应商评估。包括基于阶段的流程：评分、合成层级分配、事件日志审查、改进计划和解约标准。设计用于定期审查、触发事件或续约前评估。包括改进计划和审计调度模板。

● 可疑

安装命令点击复制

官方npx clawhub@latest install vendor-performance-audit

镜像加速npx clawhub@latest install vendor-performance-audit --registry https://cn.clawhub-mirror.com

技能文档

# 供应商绩效审计 框架：供应商绩效评分卡 (VPS) 输出：评分后的供应商审查、改进计划或解约推荐 大多数供应商关系会漂移，因为没有人测量它们。该季度审计系统提供了一个结构化的方式来评估每个重要供应商，提前发现问题，并做出基于数据的决定关于续约、重新谈判或替换。 --- ## 何时运行此审计 - 季度对所有优先供应商（ACV > $10K 或运营关键） - 半年对标准供应商 - 触发任何一次主要事件发生（SLA违反、安全问题、交付失败） - 续约前 （至少 60 天前） --- （由于原始内容较长，仅翻译了部分，若需要完整翻译，请告知）

Framework: Vendor Performance Scorecard (VPS) Output: Scored vendor review, improvement plan or offboarding recommendation

Most vendor relationships drift because nobody's measuring them. This quarterly audit system gives you a structured way to evaluate every significant vendor, surface problems before they escalate, and make data-driven decisions about renewing, renegotiating, or replacing.

When to Run This Audit

Quarterly for all Priority vendors (ACV > $10K or operationally critical)
Semi-annually for Standard vendors
Triggered any time a major incident occurs (SLA breach, security issue, delivery failure)
Pre-renewal (minimum 60 days before contract end)

Phase 1: KPI Scorecard

Rate each dimension 1-5. Be honest — this is for your decision-making, not the vendor's feelings.

Dimension 1: Delivery & SLA Performance (Weight: 30%)

Score	Criteria
5	Consistently exceeds SLA. Proactive communication on any hiccup. Zero surprise failures.
4	Meets SLA >95% of the time. Issues are rare and resolved quickly.
3	Meets SLA most of the time. Occasional misses with reasonable resolution.
2	Frequent SLA misses. Resolution is slow or requires escalation.
1	Regular delivery failures. SLA is aspirational, not operational.

Evidence required: Pull ticket data, delivery logs, or incident records. Don't score from memory.

Dimension 2: Quality of Output (Weight: 25%)

Score	Criteria
5	Output exceeds expectations. Error rate near zero. Rework is essentially unheard of.
4	Output meets quality bar consistently. Minor issues handled proactively.
3	Generally acceptable quality. Some rework required.
2	Quality is inconsistent. Rework is common. Internal team spends time fixing vendor output.
1	Output frequently doesn't meet standards. Significant internal overhead to compensate.

Dimension 3: Responsiveness & Communication (Weight: 20%)

Score	Criteria
5	Always reachable. Proactively surfaces issues. Communication is clear and timely.
4	Responsive within agreed SLA. Communicates proactively most of the time.
3	Generally responsive but reactive. Sometimes requires chasing.
2	Slow to respond. You often initiate all communication. Escalations required.
1	Unreliable contact. Incidents discovered by you, not surfaced by them.

Dimension 4: Value vs. Cost (Weight: 15%)

Score	Criteria
5	Clear ROI. Cost is at or below market for quality delivered. Strong value demonstrated.
4	Good value. Cost is reasonable given output and relationship quality.
3	Market rate. Neither a bargain nor obviously overpriced.
2	Starting to feel overpriced relative to value delivered or market alternatives.
1	Overpriced for what we get. Alternatives would deliver more for less.

Dimension 5: Strategic Alignment & Roadmap (Weight: 10%)

Score	Criteria
5	Deeply aligned. They understand our business and proactively help us get where we're going.
4	Good alignment. They know our goals and adjust accordingly.
3	Transactional but functional. Delivers what's scoped, no more.
2	Misaligned in places. Their direction and ours are diverging.
1	No alignment. Product/service is moving away from our needs.

Phase 2: Composite Score & Tier Classification

Weighted score calculation:

VPS = (D1 × 0.30) + (D2 × 0.25) + (D3 × 0.20) + (D4 × 0.15) + (D5 × 0.10)

Max score = 5.0

VPS Range	Tier	Recommended Action
4.0 – 5.0	🟢 Green — Trusted Partner	Renew, consider expanding scope or strategic partnership
3.0 – 3.9	🟡 Yellow — Watch	Renew with conditions; issue improvement plan for lowest-scoring dimension
2.0 – 2.9	🟠 Orange — At Risk	Renegotiate terms or begin sourcing alternatives; 60-day improvement window
1.0 – 1.9	🔴 Red — Replace	Begin active replacement process; do not renew

Phase 3: Issue Log Review

Before finalizing the score, review your incident/ticket log for this vendor over the review period:

How many incidents were opened? How many are still open?
What was the average resolution time? Compare to SLA.
Were any incidents flagged as critical/high-impact?
Did any incidents result in downstream business impact (revenue loss, client complaints, compliance exposure)?

Incident severity modifier:

1+ critical incident with unresolved root cause → drop tier by one level
3+ medium incidents unresolved → flag for improvement plan regardless of VPS score

Phase 4: Improvement Plan Template (Yellow & Orange Tiers)

If VPS < 4.0, issue a formal improvement plan:

Improvement Plan — [Vendor Name] — [Quarter]

Review Period: [start] – [end]
VPS Score: [X.X] / 5.0
Tier: Yellow / Orange
Review Date: [90 days from today]

Key Issues Identified:

[Specific issue with evidence]
[Specific issue with evidence]

Required Improvements:

[Specific, measurable change required] — Target: [metric] by [date]
[Specific, measurable change required] — Target: [metric] by [date]

Consequences if not met:

Yellow: Move to Orange tier; begin parallel sourcing
Orange: Contract not renewed; active replacement begins

Acknowledgment: Share this plan with the vendor. Get written acknowledgment.

Phase 5: Offboarding Trigger Criteria

Initiate replacement when ANY of the following are true:

VPS score < 2.0
Two consecutive quarters in Orange tier
Critical incident with material business impact and no credible root cause fix
Vendor signals they are discontinuing the product/service
Market alternative offers >30% better value at equivalent quality
Compliance or security failure

When trigger is met: immediately move to replacement sourcing and set a hard cutover date.

Audit Schedule Template

Vendor	Category	ACV	Tier	Last Audit	Next Audit	Owner
[Name]	Software	$X	Green	[date]	[date]	[name]

Run this as a quarterly review in your ops calendar.

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

When to Run This Audit

Phase 1: KPI Scorecard

Dimension 1: Delivery & SLA Performance (Weight: 30%)

Dimension 2: Quality of Output (Weight: 25%)

Dimension 3: Responsiveness & Communication (Weight: 20%)

Dimension 4: Value vs. Cost (Weight: 15%)

Dimension 5: Strategic Alignment & Roadmap (Weight: 10%)

Phase 2: Composite Score & Tier Classification

Phase 3: Issue Log Review

Phase 4: Improvement Plan Template (Yellow & Orange Tiers)

Phase 5: Offboarding Trigger Criteria

Audit Schedule Template

安装命令点击复制