Customs Analytics
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill coherently points users to a disclosed external customs analytics API/MCP service, with no code, install step, credentials, local file access, or persistence shown.
This skill appears safe to install as an instruction-only connector, but treat SputnikX as a third-party paid service: verify the provider, pricing, and MCP permissions before allowing automatic or repeated queries.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may send customs query parameters to sputnikx.xyz and may incur small per-call charges.
The skill documents calls to a paid external API endpoint. This is aligned with the customs analytics purpose and the price is disclosed, but users should be aware of possible per-request charges and network calls.
### Customs Overview ($0.10 x402) ```bash curl "https://sputnikx.xyz/api/v1/agent/customs/overview?year=2025" ```
Confirm pricing and user intent before making repeated or paid API calls, especially if the agent can invoke the skill autonomously.
If connected, user queries or task context sent through the MCP server may be visible to the third-party provider.
The skill offers an external MCP server for customs queries. This is purpose-aligned, but MCP use means query content may be shared with a third-party tool endpoint whose permissions and plan controls are outside the artifact.
## MCP Server ``` Endpoint: https://mcp.sputnikx.xyz/mcp Tool: query_customs (if available in your plan) ```
Only connect the MCP server if you trust the provider, understand the plan/authentication requirements, and avoid sending unrelated sensitive information.