vendorshield-risk-scoring-mcp
v0.1.0
MCP server for third-party vendor risk assessment. Score vendors across financial, operational, cybersecurity, compliance, and concentration dimensions with automated risk tiering and actionable mitigation recommendations.
Part of the VendorShield suite — AI-powered vendor compliance and risk management.
Installation
{
  "mcpServers": {
    "vendorshield-risk": {
      "command": "npx",
      "args": ["-y", "vendorshield-risk-scoring-mcp"]
    }
  }
}
Tools
assess_vendor_risk
Comprehensive risk assessment across 5 dimensions:
- Financial Stability (20%) — revenue trend, profitability, years in business, credit rating
- Cybersecurity Posture (25%) — SOC 2, ISO 27001, encryption, MFA, IR plan, DR plan
- Operational Resilience (20%) — SLA history, redundancy, geographic diversity, key person risk
- Regulatory Compliance (20%) — framework coverage, DPA, data residency, breach history
- Concentration Risk (15%) — spend percentage, alternatives, switching cost, data portability
Returns: overall score (0-100), risk tier, per-dimension findings, and prioritized mitigation actions.
quick_risk_score
Rapid vendor triage from minimal inputs. Provides estimated risk tier and key concerns in seconds. Use for initial screening before committing to a full assessment.
compare_vendor_risk
Side-by-side comparison of 2-5 vendors. Ranks by overall score, identifies strengths/weaknesses per vendor, supports priority dimension weighting, and calculates risk-adjusted cost efficiency.
generate_risk_report
Produces a formatted Markdown report suitable for:
- Risk committee presentations
- Audit documentation
- Stakeholder review packages
- Compliance evidence files
analyze_concentration_risk
Portfolio-level analysis across all your vendors:
- Identifies single points of failure (critical vendors with no alternatives)
- Category concentration (single-vendor categories, high spend %)
- Geographic concentration risk
- Diversification recommendations
Risk Tiers
| Score | Tier | Review Frequency |
|-------|------|------------------|
| 0-20 | Critical | Monthly |
| 21-40 | High | Quarterly |
| 41-60 | Medium | Semi-annual |
| 61-80 | Low | Annual |
| 81-100 | Minimal | Biennial |
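The dimension weights listed under assess_vendor_risk and the tier bands above can be combined as in the following sketch. This is an added example, not the package's own code: the weighted-mean aggregation, the integer rounding, the fail-closed input handling and all identifiers (`overallScore`, `tierFor`, `assess`, `SAMPLE`) are assumptions.

```javascript
// Added example, not the package's source. Weights and tier bands are copied
// from this README; the aggregation method and rounding are assumptions.
const WEIGHTS = { financial: 20, cybersecurity: 25, operational: 20, compliance: 20, concentration: 15 };
const TIERS = [ // [inclusive upper bound, tier, review frequency]
  [20, "Critical", "Monthly"],
  [40, "High", "Quarterly"],
  [60, "Medium", "Semi-annual"],
  [80, "Low", "Annual"],
  [100, "Minimal", "Biennial"],
];

function tierFor(score) {
  // The bands are integer ranges (0-20, 21-40, ...), so a value such as 20.5
  // belongs to no band; reject it instead of guessing.
  if (!Number.isInteger(score) || score < 0 || score > 100) {
    throw new RangeError(`score must be an integer 0-100, got ${score}`);
  }
  const [, tier, review] = TIERS.find(([max]) => score <= max);
  return { tier, review };
}

function overallScore(dimensions) {
  let total = 0;
  for (const [name, weight] of Object.entries(WEIGHTS)) {
    const s = dimensions[name];
    // Fail closed: a missing dimension must not silently count as 0, and must
    // not be dropped with the remaining weights renormalised.
    if (typeof s !== "number" || !Number.isFinite(s) || s < 0 || s > 100) {
      throw new RangeError(`dimension "${name}" needs a score in 0-100`);
    }
    total += s * weight;
  }
  // Weights sum to 100; round so the result lands in exactly one band.
  return Math.round(total / 100);
}

function assess(dimensions) {
  const score = overallScore(dimensions);
  // Surface the lowest-scoring dimension so the aggregate cannot hide it.
  const weakest = Object.keys(WEIGHTS).reduce((a, b) => (dimensions[a] <= dimensions[b] ? a : b));
  return { score, ...tierFor(score), weakest };
}

// Constructed sample vendor (not real data).
const SAMPLE = { financial: 80, cybersecurity: 30, operational: 70, compliance: 60, concentration: 50 };
console.log(assess(SAMPLE));
```

For the constructed sample the overall score is 57 (Medium), although its cybersecurity score of 30 would fall in the High band on its own, which is why the per-dimension findings matter alongside the overall tier.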
Use Cases
- Procurement teams: Score vendors during selection, compare finalists side-by-side
- Risk managers: Ongoing portfolio monitoring, concentration analysis, board reporting
- Compliance officers: Audit-ready risk documentation, framework gap analysis
- Contract renewals: Re-assess before renewal, identify leverage for negotiation
License
MIT
