Eu Ai Compliance

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Confidential AI system details could be transmitted to the external service when using the classification endpoint.

Why it was flagged

The documented workflow sends AI system descriptions to a third-party web endpoint, and the artifact does not describe privacy, retention, or data-boundary terms.

Skill content

curl "https://soul.sputnikx.xyz/soul/compliance/risk-classification?description=facial+recognition+for+hiring"

Recommendation

Use non-sensitive summaries unless you trust the provider and have reviewed its privacy and retention terms.

What this means

Calling the paid endpoints could result in charges if used through a payment-capable setup.

Why it was flagged

The skill documents paid external API calls. The prices are disclosed, but the artifact does not define an explicit user-approval gate for paid requests.

Skill content

Self-Assessment ($1.00 x402 USDC) ... Full Compliance Report ($2.00 x402 USDC)

Recommendation

Confirm the domain, price, and user approval before invoking any paid endpoint.

What this means

Compliance data submitted to the service may become part of persistent provider-side logs or monitoring workflows.

Why it was flagged

The service advertises persistent logging and runtime monitoring, which is aligned with compliance logging but may retain submitted compliance information.

Skill content

- Hash-chain logging (SHA-256, append-only)
- Runtime monitoring (not one-time reports)

Recommendation

Check what data is logged, how long it is retained, and whether deletion or export controls exist before sending sensitive material.