Sanctions Screening, KYB & AML Compliance

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid compliance-screening helper that calls GoCreative API endpoints and does not include hidden code, persistence, or unrelated access.

Before installing, make sure you are comfortable sending names, domains, wallet identifiers, or company details to GoCreative for screening and with x402 auto-payment in USDC for each request. Treat any PASS/WARN/BLOCK result as compliance input that may need human or policy review, not as the sole authority for sensitive onboarding, payment, or contracting decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The activation guidance is broad enough to encourage use for any decision about whether an entity is 'legit / safe / sanctioned,' which can cause the agent to invoke the skill in situations beyond strict compliance screening. That increases the chance of unnecessary data sharing to a third-party service and over-reliance on an external PASS/WARN/BLOCK verdict for sensitive operational decisions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal