Customer Background Check
v1.0.0对客户公司做三查式合规背调,重点覆盖 OFAC 制裁名单检索、BIS/ECFR 黑名单地址关键词核查,以及生成给商务部同事 Dora 或 Shellen 的协查请求。用于用户要求“做客户背调”“查客户是否在制裁名单”“查注册地址是否在黑名单”“做三查”“生成给 Dora/Shellen 的出口数据协查消息”等场景。
⭐ 0· 62·0 current·0 all-time
by@kittymi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description and SKILL.md all consistently describe OFAC name/address checks, ECFR address text search, and drafting a message to internal contacts. The skill does not request unrelated binaries, env vars, or installs.
Instruction Scope
Instructions explicitly direct the agent to open two government sites, fill search fields, perform Ctrl+F style page searches, extract visible result text, and draft messages. This is within the stated purpose. Note: the skill expects semi‑automatic web interactions (browser tooling) and reading page contents — so the agent will transmit user-provided company/address info to those public sites and will observe page content.
Install Mechanism
No install spec and no code files; lowest install risk. The skill is instruction-only and nothing is written to disk or fetched during install.
Credentials
The skill requires no environment variables, credentials, or config paths. Requested actions (web searches and message drafting) do not require additional secrets, so the lack of credential requests is proportionate.
Persistence & Privilege
always:false and user-invocable; autonomous invocation is allowed by platform default but the skill does not request elevated or persistent privileges or modify other skills. The SKILL.md instructs to confirm before sending messages to contacts.
Assessment
This skill is coherent and does what it says: it will use a browser tool to query OFAC and ECFR pages and draft a request to internal colleagues. Before installing or running it, verify: (1) your agent's browser/tooling is sandboxed and you are comfortable having the company name/address you provide entered into public government search forms; (2) the 'Dora'/'Shellen' recipients are correct and you want the agent to potentially send messages (the skill says to confirm before sending — prefer drafting only); (3) always manually review any "疑似命中/需人工复核" findings before making compliance decisions; and (4) if you need stricter data handling (avoid sending full PII), redact unnecessary fields before asking the skill to run. If you want additional assurance, request a version that logs less context or that runs in read-only/manual mode so the agent only provides guidance instead of performing web interactions.Like a lobster shell, security has layers — review code before you run it.
latestvk977f8g0bgb9fn7sb10s112jkh84j2xa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.