Eu Ai Compliance
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only EU AI compliance helper, but it routes data to a third-party service and includes disclosed paid endpoints.
Before installing or using this skill, verify that you trust the soul.sputnikx.xyz and soulledger.sputnikx.xyz services, avoid sending confidential system details unless appropriate, and require explicit approval before any paid x402 USDC endpoint is called.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Confidential AI system details could be transmitted to the external service when using the classification endpoint.
The documented workflow sends AI system descriptions to a third-party web endpoint, and the artifact does not describe privacy, retention, or data-boundary terms.
curl "https://soul.sputnikx.xyz/soul/compliance/risk-classification?description=facial+recognition+for+hiring"
Use non-sensitive summaries unless you trust the provider and have reviewed its privacy and retention terms.
Calling the paid endpoints could result in charges if used through a payment-capable setup.
The skill documents paid external API calls. The prices are disclosed, but the artifact does not define an explicit user-approval gate for paid requests.
Self-Assessment ($1.00 x402 USDC) ... Full Compliance Report ($2.00 x402 USDC)
Confirm the domain, price, and user approval before invoking any paid endpoint.
Compliance data submitted to the service may become part of persistent provider-side logs or monitoring workflows.
The service advertises persistent logging and runtime monitoring, which is aligned with compliance logging but may retain submitted compliance information.
- Hash-chain logging (SHA-256, append-only) - Runtime monitoring (not one-time reports)
Check what data is logged, how long it is retained, and whether deletion or export controls exist before sending sensitive material.